如何授权Webapi端点供第三方使用
[英]How to authorize webapi endpoint for 3rd party to use
问题描述
I have to create a endpoint that will use used by a 3rd party. 
我必须创建一个将由第三方使用的端点。 We use identity server when people log in to our application. 当人们登录到我们的应用程序时,我们将使用身份服务器。 What do I need to do to only allow access to this 3rd party to call the endpoint? 我只需要允许访问此第三方来呼叫端点,该怎么办? I dont want just anyone to be able to call the endpoint. 我不希望任何人都能呼叫端点。 For example, if I gave you my endpoint URL and you used postman to post to it, I would only allow you if you were authorised 例如,如果我给您我的终结点URL,并且您使用邮递员将其发布到该URL,则只有在您被授权的情况下,我才允许您
2 个解决方案
解决方案1
0 2018-07-24 23:50:31
I think you need to enable CORS (Cross-Origin Requests) as outlined by Microsoft here . 我认为您需要启用Microsoft在此概述的 CORS(跨域请求)。
For example, you would decorate your controller as so: 例如,您可以这样装饰控制器:
using System.Net.Http;
using System.Web.Http;
using System.Web.Http.Cors;
namespace WebService.Controllers
{
[EnableCors(origins: "http://mywebclient.azurewebsites.net", headers: "*", methods: "*")]
public class TestController : ApiController
{
// Controller methods not shown...
}
}
解决方案2
0 已采纳 2018-07-25 01:37:41
There are a number of ways to secure an ASP.NET web app/api. 有多种方法可以保护ASP.NET Web应用程序/ api。
I typically use a SQL user store or active directory and issue JWT tokens. 我通常使用SQL用户存储或活动目录并发出JWT令牌。 A nice guide can be found here. 一个很好的指南可以在这里找到。
https://jonhilton.net/2017/10/11/secure-your-asp.net-core-2.0-api-part-1---issuing-a-jwt/ https://jonhilton.net/2017/10/11/secure-your-asp.net-core-2.0-api-part-1---issuing-a-jwt/
Here is the documentation for identity server - as you mentioned you wanted to use that - about this very topic. 这是身份服务器的文档-正如您提到的那样,您想使用它-有关此主题的文档。
http://docs.identityserver.io/en/release/topics/apis.html http://docs.identityserver.io/en/release/topics/apis.html
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.