I have to create an endpoint that will be used by a 3rd party. We use identity server when people log in to our application. What do I need to do to only allow access to this 3rd party to call the endpoint? I don't want just anyone to be able to call the endpoint. For example, if I gave you my endpoint URL and you used Postman to post to it, I would only allow you if you were authorised.
I think you need to enable CORS (Cross-Origin Requests) as outlined by Microsoft here.
For example, you would decorate your controller as so:
using System.Net.Http;
using System.Web.Http;
using System.Web.Http.Cors;

namespace WebService.Controllers
{
    [EnableCors(origins: "http://mywebclient.azurewebsites.net", headers: "*", methods: "*")]
    public class TestController : ApiController
    {
        // Controller methods not shown...
    }
}
There are a number of ways to secure an ASP.NET web app/api.
I typically use a SQL user store or Active Directory and issue JWT tokens. A nice guide can be found here.
https://jonhilton.net/2017/10/11/secure-your-asp.net-core-2.0-api-part-1---issuing-a-jwt/
Here is the documentation for identity server - as you mentioned you wanted to use that - about this very topic.
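The token-based approach described in the answer above, as an added example (not code from either answer or from the IdentityServer project): an ASP.NET Core API that accepts only access tokens issued by your IdentityServer to one specific machine-to-machine client. It assumes .NET 6+ minimal hosting with the Microsoft.AspNetCore.Authentication.JwtBearer package; the authority URL, the API resource name `partner-api`, the scope `partner-api.submit`, the client id `partner-client` and the route are all hypothetical names chosen for illustration.

```csharp
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.JwtBearer;

// IdentityServer side (assumed, configured in the IdentityServer host, not here):
//   new Client { ClientId = "partner-client",
//                AllowedGrantTypes = GrantTypes.ClientCredentials,
//                ClientSecrets = { new Secret("<secret>".Sha256()) },
//                AllowedScopes = { "partner-api.submit" } }
// The third party exchanges its client id and secret for an access token at the
// token endpoint and sends it as "Authorization: Bearer <token>" on every call.

var builder = WebApplication.CreateBuilder(args);

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.Authority = "https://identity.example.com"; // hypothetical IdentityServer URL
        options.Audience = "partner-api";                   // hypothetical API resource name
        options.MapInboundClaims = false;                   // keep claim names as issued ("scope", "client_id")
    });

builder.Services.AddAuthorization(options =>
{
    // Signature, issuer, audience and lifetime are validated by the JWT bearer
    // handler; the policy additionally pins which client and scope may call.
    options.AddPolicy("PartnerOnly", policy =>
    {
        policy.RequireAuthenticatedUser();
        policy.RequireClaim("client_id", "partner-client");
        // Assumes scopes are emitted as individual "scope" claims (a JSON array in the token).
        policy.RequireClaim("scope", "partner-api.submit");
    });
});

var app = builder.Build();

app.UseAuthentication();
app.UseAuthorization();

// No token or an invalid token yields 401; a valid token from another client
// or without the scope yields 403. This holds for any HTTP client, Postman included.
app.MapPost("/partner/orders", (ClaimsPrincipal caller) =>
        Results.Ok(new { acceptedFrom = caller.FindFirst("client_id")?.Value }))
   .RequireAuthorization("PartnerOnly");

app.Run();
```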