
I built a REST API using ASP.NET Web API 2, so I could deliver data from a backend database to my applications running on any platform (mobile, web, desktop, etc.). However, up until now, I simply call the website with the controller I need data from and that's it, it sends back the JSON string in the response.

But, the data is kind of special, and there is nothing to prevent another developer from simply calling the controllers and getting back the exact same data and building their own application around it.

My question is: is there any way to restrict access to the API so that only my applications can get a valid response from the server? (i.e. prevent other developers from using my REST API)

I already read this documentation, Security, Authentication, and Authorization in ASP.NET Web API. I'm just not sure which of these scenarios applies to me, or if any will do what I am asking.

EDIT - Another piece of info, my web service is running on Azure in case it is relevant.

erotavlas

2 Answers


Did you happen to check token-based authentication? Please go through https://stackoverflow.com/a/38670221/4868839 and https://www.youtube.com/watch?v=rMA69bVv0U8; they must be good to start with.

User3250

There are different ways to validate your Web API.

  1. Authentication Filters in ASP.NET Web API 2: using these you can customise your authentication filter. You can refer to the sample Reference link.
  2. Token Based Authentication using ASP.NET Web API 2, Owin, and Identity

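    // App_Start/Startup class
    using System;
    using Microsoft.Owin;
    using Microsoft.Owin.Security.OAuth;
    using Owin;

    public partial class Startup
    {
        public void ConfigureAuth(IAppBuilder app)
        {
            OAuthAuthorizationServerOptions OAuthServerOptions = new OAuthAuthorizationServerOptions()
            {
                // Development only: with this set to true the token endpoint also answers over
                // plain HTTP, exposing credentials and tokens in transit. Use false behind HTTPS.
                AllowInsecureHttp = true,
                // URL that clients POST to in order to obtain an access token
                TokenEndpointPath = new PathString("/v1/accesstoken"),
                // Token lifetime in days, read from the application's own configuration class
                AccessTokenExpireTimeSpan = TimeSpan.FromDays(AppConfiguration.AccessTokenExpireDuration),
                // Your class deriving from OAuthAuthorizationServerProvider that overrides its methods
                Provider = new SampleOAuthProvider()
            };

            // Token generation and bearer token validation
            app.UseOAuthBearerTokens(OAuthServerOptions);
        }
    }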
    

    You can find a reference from the class it inherits: Default implementation of IOAuthAuthorizationServerProvider used by Authorization

I hope it should help you, thanks.

Lalji Dhameliya
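The second answer wires up a `SampleOAuthProvider` without showing it. The following is an added example, not code from either answer, of one way such a provider and a protected controller can look. The constructor delegate `verifyUser` and the controller name `DataController` are assumptions for illustration, so `ConfigureAuth` would pass a credential check to `new SampleOAuthProvider(...)`.

```csharp
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web.Http;
using Microsoft.Owin.Security.OAuth;

public class SampleOAuthProvider : OAuthAuthorizationServerProvider
{
    // Assumption: credential check supplied by the application,
    // for example backed by ASP.NET Identity's user manager.
    private readonly Func<string, string, Task<bool>> _verifyUser;

    public SampleOAuthProvider(Func<string, string, Task<bool>> verifyUser)
    {
        _verifyUser = verifyUser;
    }

    public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
    {
        // Mobile and desktop apps are public clients: a secret shipped inside them
        // can be extracted, so no client secret is checked here.
        context.Validated();
        return Task.FromResult(0);
    }

    public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {
        if (!await _verifyUser(context.UserName, context.Password))
        {
            context.SetError("invalid_grant", "The user name or password is incorrect.");
            return; // no token is issued
        }

        var identity = new ClaimsIdentity(context.Options.AuthenticationType);
        identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
        context.Validated(identity); // the middleware turns this identity into a bearer token
    }
}

// Requests without a valid "Authorization: Bearer <token>" header are rejected with 401.
[Authorize]
public class DataController : ApiController // hypothetical controller name
{
    public IHttpActionResult Get()
    {
        return Ok(new { user = User.Identity.Name });
    }
}
```

A client obtains a token by POSTing `grant_type=password` with a user name and password to `/v1/accesstoken`, then sends it in the `Authorization` header. This restricts the API to signed-in users rather than to a particular application binary, since anything embedded in a distributed app can be read out of it.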