堆栈内存溢出
  简体   繁体   English

How can I restrict my Azure Web App API access to only my Xamarin.Forms app?

[英]How can I restrict my Azure Web App API access to only my Xamarin.Forms app?

 原文  2019-09-21 20:44:34       c#/ visual-studio/ asp.net-core/ xamarin.forms/ azure-web-app-service

问题描述

I am quite an experience Xamarin developer but completely new to backend stuff.我是一位经验丰富的 Xamarin 开发人员,但对后端的东西完全陌生。 I have written an API which has some data, let's say weathers, which my Xamarin.Forms app will query.我写了一个 API 有一些数据,比如说天气,我的 Xamarin.Forms 应用程序将查询这些数据。 All the calls are GET calls so no issues with security but I'd like to restrict the API so that only my app is authorised to make those calls.所有调用都是 GET 调用,因此没有安全问题,但我想限制 API 以便只有我的应用程序有权进行这些调用。 This is to prevent some other wily developer building their own app that calls to my API for example.这是为了防止其他一些狡猾的开发人员构建他们自己的应用程序,例如调用我的 API。

I understand having done some research that the best way would be to have users log in to my app and then authenticate via Azure AD.我知道已经做了一些研究,最好的方法是让用户登录我的应用程序,然后通过 Azure AD 进行身份验证。 However this is pretty cumbersome for a lightweight app where security is not really an issue and no individual user data is passed.然而,对于一个安全性不是真正问题并且没有个人用户数据被传递的轻量级应用程序来说,这非常麻烦。

Does anyone have a genius example of how this could be done?有没有人有一个天才的例子来说明如何做到这一点? I found this article pretty useful but it didn't really give a solution.我发现这篇文章非常有用,但它并没有真正给出解决方案。 I accept that this is not the most secure method but really it's a risk/reward/effort thing and I'd just like to make it a bit more difficult than at the moment (I'm basically hosting a very nice public API.!).我承认这不是最安全的方法,但实际上它是一种风险/回报/努力的事情,我只是想让它比现在更困难一些(我基本上是在托管一个非常好的公共 API.! )。

Thanks for your help!谢谢你的帮助!

Will将要

1 个解决方案

解决方案1
 -1  2019-09-21 20:52:48

Where there is a will there is a way.有志者,事竟成。

You can do some basic filtering that will stop some people, but if there is no authentication from data that's stored outside your application, then there is a way to mimic your application and use your API in a potentially unintended way.您可以进行一些基本的过滤来阻止某些人,但是如果没有对存储在应用程序外部的数据进行身份验证,那么有一种方法可以模仿您的应用程序并以一种可能无意的方式使用您的 API。

This StackOverflow answer is a little bit more in depth, but echoes the same point.这个 StackOverflow 答案更深入一点,但与同一点相呼应。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何截取我的 Xamarin.Forms 应用程序的部分屏幕截图并将其保存到我的库中? - How can I take a partial screenshot of my Xamarin.Forms app and save it into my gallery? 如何从我的 Xamarin.Forms 应用程序将数据发送到 Web ZDB9742387014CA8DE6434ACE7 - How can i send data from my Xamarin.Forms application to a Web API 如何查看我的 Xamarin.Forms 应用程序是否在 Visual Studio 中的 Android 6(或更高版本)上运行或/和可运行? - How can I see if my Xamarin.Forms app is working or/and runnable on Android 6 (or higher) in Visual Studio? 为什么我的 Xamarin.Forms 应用程序在从 Web API 将数据插入到 SQLite 数据库后崩溃? - Why does my Xamarin.Forms app crash after inserting data to a SQLite database from a web API? 有没有办法可以在Xamarin.Forms应用程序中打印出异常的重要部分? - Is there a way that I can print out the important parts of an exception in my Xamarin.Forms app? 我如何将 azure MySQL 服务器与我的 Xamarin 表单应用程序连接? - How i can connect azure MySQL server with my Xamarin forms app? 通过 Z2567A5EC970E067AC23 服务将 Xamarin.Forms 中的我的应用程序连接到 SQL 服务器数据库 - Make the connection of my app in Xamarin.Forms to a SQL Server database through a web service? 我的xamarin.forms应用程序中的UWP无法打开相机? - Camera not open in UWP in my xamarin.forms app? 如果我的属性是数据库中的字符串(xamarin.forms),我如何将颜色传递给我的 UI - How can i pass a color to my UI if my property is a string in my database (xamarin.forms) 我应该在Xamarin.Forms应用程序中使用哪个PCL配置文件? - Which PCL profile should I use in my Xamarin.Forms app?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM