Is there a way to Make Web API method Internal?

Question

The document I have received mentioned Validate Security Token is an internal function. Also said it is not exposed to external consumption of web service users. Could you please give me an idea about this requirement and how to implement the web method?

Answer 1

Use the CORS attribute to decorate the specific method which you want to be acccesible for a given domain. Configure that domain as a policy in your appsettings.

[EnableCors("restricted-domain-policy")]
public Task<IActionResult> PostUserReport()
{
     // your internal/domain specific
}

There's a reverse way too like using

[DisableCors("external-domain-policy")]

you can configure in startup.cs as two diferent policy settings.

services.AddCors(feature => {
            feature.AddPolicy(
                "restricted-domain-policy",
                builder => builder
                                .SetIsOriginAllowed((host) => true)
                                .AllowAnyHeader()
                                .AllowAnyMethod()
                                .AllowAnyOrigin()
                                .AllowCredentials()
                            );
        });

services.AddCors(feature => {
                feature.AddPolicy(
                    "external-domain-policy",
                    builder => builder
                                    .SetIsOriginAllowed((host) => true)
                                    .WithHeaders()
                                    .WithMethods(<your method array>)
                                );
            });

You can explore the WithHeaders(), WithOrigin() etc in either of the policies to configure accordingly.

Answer 2

internal is an access modifier in c#, you can write a method by using internal. In this way it will not be exposed outside,

internal bool ValidateToken()
{
   //Your business logic
}

From MSDN:

internal: The type or member can be accessed by any code in the same assembly, but not from another assembly.