Jonas

Reputation: 3283

How to protect Web API called by IdentityServer4

I make multiple calls to a Web API during login operations in IdentityServer4. The same applies during password reset operations, which is custom code I have added to the IdentityServer4 project.

So how should I protect my ASP.NET Core Web API when the user isn't yet authenticated via OIDC, which implies that there also doesn't exist any access token at that stage? I would like to only allow IdentityServer4 to call these Web API methods instead of running unprotected Web APIs.

Any suggestions?

Upvotes: 1

Views: 1346

Answers (1)

leastprivilege

Reputation: 18482

You can use this

https://identityserver4.readthedocs.io/en/release/topics/tools.html

to generate your own tokens to call the APIs.

Upvotes: 2
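
Added example, not part of the original answer or the IdentityServer4 project's code: one way to apply the linked `IdentityServerTools` helper is to have the IdentityServer4 host issue a short-lived client JWT for each call, and have the Web API accept only tokens carrying that client id. The client id `identityserver_internal`, the audience `backend.api`, the authority URL, and the class, method and policy names are assumptions.

```csharp
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using IdentityServer4;
using Microsoft.Extensions.DependencyInjection;

// Runs inside the IdentityServer4 host (login / password-reset code paths).
public class InternalApiClient
{
    private readonly IdentityServerTools _tools;
    private readonly HttpClient _http;

    public InternalApiClient(IdentityServerTools tools, HttpClient http)
    {
        _tools = tools;
        _http = http;
    }

    public async Task<HttpResponseMessage> GetAsync(string path)
    {
        // Signed with IdentityServer's own signing key; no user session needed.
        var token = await _tools.IssueClientJwtAsync(
            clientId: "identityserver_internal",  // hypothetical client id
            lifetime: 60,                          // seconds; keep it short
            audiences: new[] { "backend.api" });   // hypothetical API name

        var request = new HttpRequestMessage(HttpMethod.Get, path);
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
        return await _http.SendAsync(request);
    }
}

// Call from the Web API's Startup.ConfigureServices.
public static class ApiAuthSetup
{
    public static void AddIdentityServerOnlyAuth(this IServiceCollection services)
    {
        services.AddAuthentication("Bearer")
            .AddJwtBearer("Bearer", options =>
            {
                options.Authority = "https://identity.example.com"; // placeholder URL
                options.Audience = "backend.api";
            });
        // Reject any valid token that was not issued for the internal client id.
        services.AddAuthorization(o => o.AddPolicy("IdentityServerOnly",
            p => p.RequireClaim("client_id", "identityserver_internal")));
    }
}
```

The API's controllers or actions then need `[Authorize("IdentityServerOnly")]`, so requests without such a token are refused.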
