AbpServiceProxies/GetAll exposed for public, We need to secure it #11601

samara081 created one year ago

We have MVC with .Net Core 6. Aspnet zero 11.4

Our security team raised security issue that AbpServiceProxies/GetAll for dynamic APIs is exposed for public. and we have to make secured just for authenticated users. Is there any way to make it secured without affecting the system

Thanks

1 Answer(s)

0

ismcagdas created one year ago
Support Team

Hi @samara081

Unfortunately securing this endpoint will cause some problems. Output of this endpoint is used by not authorized pages. If you still want to do this, you can create a copy of https://github.com/aspnetboilerplate/aspnetboilerplate/blob/dev/src/Abp.AspNetCore/AspNetCore/Mvc/Proxying/AbpServiceProxiesController.cs and prevent access to existing AbpServiceProxies controller by writing a custom middleware.

Have an answer to this question? Log in and write your answer.