.NET WebApi中的Server.Transfer /重定向

Question

Our company has an internal API (.NET WebApi) serving many of our applications. Now, we're going to have an application hosted outside and the decision was to not open our main server to the internet.

Instead, they are going to create a wrapper in a separated server that is properly setup in our firewall and does have access to our network.

The problem is: We want this wrapper API to be as simple as possible and basically redirect requests to our internal API.

Something like this:

[HttpGet]
[Route("api/PDF/{orderid}")]
public IHttpActionResult GetOrderPDF(string orderid, bool showpictures = false, string disposition = "attachment")
{
    string url = "http://MYINTERNALSERVER/api/PDF/" + orderid;
    System.Uri uri = new System.Uri(url);
    return Redirect(uri); //Server.Transfer ?
}

The problem about using this method is that my external client will try to access our internal server and, of course, will not have access.

We want to have a wrapper so we only expose methods that we want.

I read about IIS Redirection but if I redirect all requests, I'm pretty much exposing all methods to the internet.

Any suggestions ?

Answer 1

The first time you need to do a POST request, this approach is going to fall apart because you cannot redirect a POST operation.

You don't need a whole new application. What you need is a reverse-proxy (consider NGINX ) that is publicly available to the internet. It can proxy traffic across the firewall to whatever is serving up WebAPI.

The benefits here are:

• If there is an issue with outside traffic (hacking), you can disable the reverse-proxy without disturbing internal traffic
• If you take the current approach, or try to write your own proxy, you'll need to modify it any time your WebAPI contract changes. You won't need to do this with a reverse proxy, because the proxy is designed to be mostly transparent to the HTTP traffic it is serving.
• No code to write.