限制访问Web API到应用程序 [英] Limiting accessing Web API to application

问题描述

我们正在使用Ionic构建一个跨平台的应用程序，并使用在azure上托管的ASP.NET Core WebAPI。
我们正在使用身份验证系统，但我们需要限制对我们的应用程序的API的访问。因此，如果其他应用或网站尝试访问API，则会被阻止。请注意：

We're building a cross-platform app using Ionic and using ASP.NET Core WebAPI hosted on azure. We are using Identity authentication system but we need to restrict access to this API to our application. So if other apps or sites try to access the API they will be blocked. Please note:

• 网络应用是SSL安全的


• 我被告知发送共享代码
  没有用，因为它可以从二进制文件中获取

请告诉我你解决这个问题的建议。

Kindly give me your suggestion to solve this problem.

推荐答案

根据要求，这是授权过滤器的shell。
我们发送一个序列化和加密的JSON对象。

As requested, here is a shell of a Authorization Filter. We send a JSON object that is serialized and encrypted.

公共类XxxxxxFilter
继承AuthorizationFilterAttribute

Public Class XxxxxxFilter Inherits AuthorizationFilterAttribute

Public Overrides Sub OnAuthorization(actionContext As System.Web.Http.Controllers.HttpActionContext)

    Dim authHeader As System.Net.Http.Headers.AuthenticationHeaderValue = actionContext.Request.Headers.Authorization

    If authHeader IsNot Nothing Then

        '... then check that its set to basic auth with an actual parameter ....
        If String.Compare("basic", authHeader.Scheme, True) = 0 AndAlso String.IsNullOrWhiteSpace(authHeader.Parameter) = False Then

            Dim cred As String = Encoding.GetEncoding("iso-8859-1").GetString(Convert.FromBase64String(authHeader.Parameter))

            ' validate the cred value however needed
            ' you want to exit at this point if all is ok

        End If

    End If

    ' ... if we get this far then authentication has failed 
    actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized)

End Sub

End Class

End Class

这篇关于限制访问Web API到应用程序的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！