[英]How can I restrict my Azure Web App API access to only my Xamarin.Forms app?
I am quite an experience Xamarin developer but completely new to backend stuff.我是一位经验丰富的 Xamarin 开发人员,但对后端的东西完全陌生。 I have written an API which has some data, let's say weathers, which my Xamarin.Forms app will query.我写了一个 API 有一些数据,比如说天气,我的 Xamarin.Forms 应用程序将查询这些数据。 All the calls are GET calls so no issues with security but I'd like to restrict the API so that only my app is authorised to make those calls.所有调用都是 GET 调用,因此没有安全问题,但我想限制 API 以便只有我的应用程序有权进行这些调用。 This is to prevent some other wily developer building their own app that calls to my API for example.这是为了防止其他一些狡猾的开发人员构建他们自己的应用程序,例如调用我的 API。
I understand having done some research that the best way would be to have users log in to my app and then authenticate via Azure AD.我知道已经做了一些研究,最好的方法是让用户登录我的应用程序,然后通过 Azure AD 进行身份验证。 However this is pretty cumbersome for a lightweight app where security is not really an issue and no individual user data is passed.然而,对于一个安全性不是真正问题并且没有个人用户数据被传递的轻量级应用程序来说,这非常麻烦。
Does anyone have a genius example of how this could be done?有没有人有一个天才的例子来说明如何做到这一点? I found this article pretty useful but it didn't really give a solution.我发现这篇文章非常有用,但它并没有真正给出解决方案。 I accept that this is not the most secure method but really it's a risk/reward/effort thing and I'd just like to make it a bit more difficult than at the moment (I'm basically hosting a very nice public API.!).我承认这不是最安全的方法,但实际上它是一种风险/回报/努力的事情,我只是想让它比现在更困难一些(我基本上是在托管一个非常好的公共 API.! )。
Thanks for your help!谢谢你的帮助!
Will将要
Where there is a will there is a way.有志者,事竟成。
You can do some basic filtering that will stop some people, but if there is no authentication from data that's stored outside your application, then there is a way to mimic your application and use your API in a potentially unintended way.您可以进行一些基本的过滤来阻止某些人,但是如果没有对存储在应用程序外部的数据进行身份验证,那么有一种方法可以模仿您的应用程序并以一种可能无意的方式使用您的 API。
This StackOverflow answer is a little bit more in depth, but echoes the same point.这个 StackOverflow 答案更深入一点,但与同一点相呼应。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.