aas
Reputation: 197
C# web api request allow only for listed domains
I have web api hosted on api.domain.com and my app is in app1.domain.com and app2.domain.com
I want to allow api.domain.com should be accessed only from app1.domain.com and app2.domain.com
how to achieve this? I have tried with allow access control but i don't want to show the allowed domain's in browser cosole
and also when i access api.domain.com through browser should show 403 - Forbidden: Access is denied.
Please help
Upvotes: 0
Views: 4764
Answers (2)
Pankaj Kapare
Reputation: 7812
You can use IP and Domain restrictions features of IIS. This feature needs to be installed explicitly.
Upvotes: 0
Bret Lipscomb
Reputation: 499
More specifically to my comment above. You have to enable CORS support for the api endpoint controller.
- Add CORS to the VS project
- Then use the
[EnableCors(origins: "https://app1.domain.com,https://app2.domain.com")]attribute on the controller.
Upvotes: 1
Related Questions
- How do you restrict requests so they only work if it is accessed by a specific domain
- Asp.net Webapi Check originator's domain
- WEB api 2 getting client domain that is requesting
- How can I give Web API access to a certain domain/url?
- Allow only requests from local machine in WebAPI 2
- mvc web api only allow requests from same server
- Only allow certain domain to access web api
- Exposing domain logic in webapi
- HttpWebRequest check for allowed domain
- How to limit the domains that can call my page/web service