Reputation: 5167
ASP.NET WEB API 2 Security advice
I currently have an ASP.NET MVC and ASP.NET WEB API 2 project (both types of controllers are included in the same project).
I want to ensure that a user cannot directly make a call to the Web Api and get raw data (such as http://domain/api/myaction). However, the Api methods should have the ability to be called by jquery via AJAX, and MVC Controller Actions should also be able to call the Web Api Actions (in cases where the initial View should be rendered with some data that came from the API).
What is the best approach to do something like this, or am I looking at this the wrong way?
Upvotes: 0
Views: 142
Answers (1)
Reputation: 1964
There is no difference between Ajax call and "direct" call. What you should do in any case of actions controller, is validate the request via token or whatever authentication method you have established.
If you are using Microsoft authentication you only need to add the [Authorize] tag above your controller/action.
https://msdn.microsoft.com/en-us/library/system.web.mvc.authorizeattribute(v=vs.118).aspx
Upvotes: 2
Related Questions
- How to protect a Web API using ASP.NET 5 MVC 6
- Recommended way to secure ASP.NET 5 Web API application
- Web security for 'special' API
- Security between .NET MVC and WEB API
- how to secure a Web Api
- How to approach this Asp.Net web api security issue
- webapi security for single client (consumer)
- How to protect ASP.NET Web API 2
- How should I secure my SPA and Web.API?
- Security in Web Api