Open Closed

How forbid to use web api services from remote ips? #79


0
valeriy created

Is there any way forbid to use web api services by other applications from remote pc? I want that users use site only as angular result from my iis hosting.


5 Answer(s)
  • 0
    hikalkan created

    Then you should Authorize your services. See docs: http://www.aspnetboilerplate.com/Pages/ ... horization You can use module-zero for an implementation of authorization. See sample project: https://github.com/aspnetboilerplate/mo ... ter/sample Documentation is coming soon for module-zero.

    Do you use a login for your application?

  • 0
    valeriy created

    Thank you. Yes, I set all these features. I use login too. I very like your Abp project. Thanks.

  • 0
    hikalkan created

    OK, I guess that I will create a startup documentation with module-zero in a few days. Thanks for using ABP :)

  • 0
    daws created

    Hey !

    In the case where we can have both logged/Anonymous users and that I want to restrict from external ips;

    I think the best way is :

    • an user call the website
    • main page is retrieved & contains the "public user" abpzero (if not logged)
    • any webapi call is marked as "[AbpAuthorize]"

    Do you think this is a good idea to create one generic "public" user used by hundred/thousand of person ?

    If yes, I see this way

    public ActionResult Index()
            {
                if(...) // check if already logged in, otherwise login as "public user
                AuthenticationManager.SignIn(new AuthenticationProperties { IsPersistent = true }, loginResult.Identity);
    
                return View("~/App/Main/views/index.cshtml");
            }
    
  • 0
    hikalkan created

    You case is strange :) But your solution seems good for me.