I have an ASP.NET Core MVC API hosted in an Azure App Service. The API has several endpoints. Is it possible to expose only one of the endpoints to the internet, but keep the rest of the endpoints locked down and only consumable by clients from restricted IP ranges?
Asked
Active
Viewed 54 times
1 Answers
1
You could write a custom middleware that blocks requests that are not part of a set of whitelistet IPs (using HttpContext.Connection.RemoteIpAddress). To allow certain endpoints you could tag your controller / methods with a custom attribute and skip the IP check for them.
Here is an example how you can implement the middleware.
Martin Brandl
- 56,134
- 13
- 133
- 172