问题
We're building a cross-platform app using Ionic and using ASP.NET Core WebAPI hosted on azure. We are using Identity authentication system but we need to restrict access to this API to our application. So if other apps or sites try to access the API they will be blocked. Please note:
- The webapp is SSL secured
- I have been told that sending a shared code is not useful as it can be taken from the binary
Kindly give me your suggestion to solve this problem.
回答1:
As requested, here is a shell of a Authorization Filter. We send a JSON object that is serialized and encrypted.
Public Class XxxxxxFilter Inherits AuthorizationFilterAttribute
Public Overrides Sub OnAuthorization(actionContext As System.Web.Http.Controllers.HttpActionContext)
Dim authHeader As System.Net.Http.Headers.AuthenticationHeaderValue = actionContext.Request.Headers.Authorization
If authHeader IsNot Nothing Then
'... then check that its set to basic auth with an actual parameter ....
If String.Compare("basic", authHeader.Scheme, True) = 0 AndAlso String.IsNullOrWhiteSpace(authHeader.Parameter) = False Then
Dim cred As String = Encoding.GetEncoding("iso-8859-1").GetString(Convert.FromBase64String(authHeader.Parameter))
' validate the cred value however needed
' you want to exit at this point if all is ok
End If
End If
' ... if we get this far then authentication has failed
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized)
End Sub
End Class
来源:https://stackoverflow.com/questions/42510675/limiting-accessing-web-api-to-application