Base solution for your next web application
Starts in:
01 DAYS
01 HRS
01 MIN
01 SEC
Open Closed

How forbid to use web api services from remote ips? #79


User avatar
0
valeriy created

Is there any way forbid to use web api services by other applications from remote pc? I want that users use site only as angular result from my iis hosting.


5 Answer(s)
  • User Avatar
    0
    hikalkan created
    Support Team

    Then you should Authorize your services. See docs: <a class="postlink" href="http://www.aspnetboilerplate.com/Pages/Documents/Authorization">http://www.aspnetboilerplate.com/Pages/ ... horization</a> You can use module-zero for an implementation of authorization. See sample project: <a class="postlink" href="https://github.com/aspnetboilerplate/module-zero/tree/master/sample">https://github.com/aspnetboilerplate/mo ... ter/sample</a> Documentation is coming soon for module-zero.

    Do you use a login for your application?

  • User Avatar
    0
    valeriy created

    Thank you. Yes, I set all these features. I use login too. I very like your Abp project. Thanks.

  • User Avatar
    0
    hikalkan created
    Support Team

    OK, I guess that I will create a startup documentation with module-zero in a few days. Thanks for using ABP :)

  • User Avatar
    0
    daws created

    Hey !

    In the case where we can have both logged/Anonymous users and that I want to restrict from external ips;

    I think the best way is :

    • an user call the website
    • main page is retrieved & contains the "public user" abpzero (if not logged)
    • any webapi call is marked as "[AbpAuthorize]"

    Do you think this is a good idea to create one generic "public" user used by hundred/thousand of person ?

    If yes, I see this way

    public ActionResult Index()
            {
                if(...) // check if already logged in, otherwise login as "public user
                AuthenticationManager.SignIn(new AuthenticationProperties { IsPersistent = true }, loginResult.Identity);
    
                return View("~/App/Main/views/index.cshtml");
            }
    
  • User Avatar
    0
    hikalkan created
    Support Team

    You case is strange :) But your solution seems good for me.