是否可以限制对使用Web API 2构建的REST API的访问? [英] Is it possible to restrict access to REST API built using Web API 2?

问题描述

我使用ASP.NET Web API 2构建了REST API，因此我可以将后端数据库中的数据传递到在任何平台(移动，Web，桌面等)上运行的应用程序中.但是到目前为止，我只是简单地调用该网站使用控制器，我需要从中获取数据，仅此而已，它就将响应中的JSON字符串发送回去.

I built a REST API using ASP.NET Web API 2, so I could deliver data from a backend database to my applications running on any platform (mobile, web, desktop etc) However up until now, I simply call the website with the controller I need data from and that's it, it sends back the JSON string in the response.

但是，数据有点特殊，没有什么可以阻止其他开发人员简单地调用控制器并返回完全相同的数据并围绕它们构建自己的应用程序.

But, the data is kind of special, and there is nothing to prevent another developer from simply calling the controllers and getting back the exact same data and building their own application around it.

我的问题是-是否有限制访问API的限制，以便只有我的应用程序才能从服务器获得有效的响应. (即阻止其他开发人员使用我的REST API)

My question is - is there anyway to restrict access to the API so that only my applications can get valid response from the server. (i.e. prevent other developers from using my REST API)

我已经阅读了这些文档安全性，身份验证和ASP.NET Web API中的授权我只是不确定这些方案中的哪一种适用于我，或者是否有任何方案可以满足我的要求.

I already read these documentation Security, Authentication, and Authorization in ASP.NET Web API I'm just not sure which of these scenarios apply to me, or if any will do what I am asking.

编辑-另一则信息是，如果相关，我的Web服务将在Azure上运行.

EDIT - Another piece of info, my web service is running on Azure in case it is relevant.

推荐答案

有多种验证Web api的方法.

there are different way to validate your web api.

1. ASP.NET Web API 2中的身份验证筛选器 使用您可以自定义身份验证过滤器 您可以参考示例

1. Authentication Filters in ASP.NET Web API 2 using you can customise your authentication filter you can refer sample Reference link

2. Token Based Authentication using ASP.NET Web API 2, Owin, and Identity

//App_Start/Startup class
public void ConfigureAuth(IAppBuilder app)
{
    OAuthAuthorizationServerOptions OAuthServerOptions = new OAuthAuthorizationServerOptions()
    {
        AllowInsecureHttp = true,
        TokenEndpointPath = new PathString("/v1/accesstoken"),
        AccessTokenExpireTimeSpan = TimeSpan.FromDays(AppConfiguration.AccessTokenExpireDuration),
        Provider = new SampleOAuthProvider() // class that override your method
    };



    // Token Generation
    app.UseOAuthBearerTokens(OAuthServerOptions);
}

您可以在我希望它可以帮助您.

这篇关于是否可以限制对使用Web API 2构建的REST API的访问?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！