使后端API仅可通过Azure API管理访问 [英] Make back end APIs only accessible via Azure API management
问题描述
我在Azure中部署了多个Web API,但未应用身份验证,因此任何可以访问Internet的人都可以访问Web API.
I have multiple Web APIs deployed in Azure without applying authentication, so anyone has access to internet has the access to the Web APIs.
现在,我想对Web API应用身份验证,而不是在不同的Web API中实现相同的身份验证逻辑,我发现Azure API网关(API管理)是一个潜在的解决方案.
Now I would like to apply authentications to the Web APIs, instead of implementing the same authentication logic in different Web APIs, I found Azure API gateway (API management) is a potential solution.
借助Azure API管理文档,我了解到我可以应用诸如 validate-jwt
之类的策略来验证对后端Web API的请求.但是,后端Web API的端点仍可供用户使用.
With Azure API management documentation, I learned I can apply policies like validate-jwt
to authenticate requests to back end Web APIs. However, endpoints of the back end Web APIs are still available to users.
那么,我应该如何隐藏它们?我必须定义一个子网还是Azure API管理具有此功能?
So, how should I hide them? Must I define a sub network or does Azure API management have a feature for this?
推荐答案
最近我也遇到了同样的问题.最后,我通过使用"IP限制"功能找到了解决方案.请参阅以下步骤:
Recently I also had this same problem. Finally I found the solution by using 'IP Restrictions' function. See the following steps:
1)转到Azure门户中的"API管理概述"页面,复制VIP.
1) Go to your API management Overview page in Azure portal, copy the VIP.
2)在您的Web APP中>联网
2) In your Web APP > Networking
3)粘贴到您的VIP中
3) Paste in your VIP
这篇关于使后端API仅可通过Azure API管理访问的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!