1

I have a requirement where I have to schedule a console application, which fetches certain records from database and calls an ASP.NET web API. Could someone help me with how to restrict the web API to not get called from anywhere else?

Please help me with any useful links, tips, or steps to follow.

SovietFrontier
  • 2,047
  • 1
  • 15
  • 33
Surendra Rayapati
  • 108
  • 1
  • 10
  • You won't be able to restrict who calls your app from within the app - that's a network level problem. However, you _can_ enforce authentication/authorization to callers. What type of authentication are you using? – Daniel Szabo Sep 24 '18 at 23:34

1 Answers1

0

There are a few ways you can lock down access to your application for an rpc call.

You can restrict access via IP with IP filtering.

If you're using windows authentication, you can grant permission to specific AD User or Groups in your web config file.

If you're using forms authentication and basically just need to make an RPC call, you can create an endpoint for your console app which accepts a username/password parameter (using https, of course).

If your setup is more advanced, you can use tokens and ASPNET Identity to limit access.

These are just a few ideas. Basically just google ASPNET security and you'll get a ton of ideas.

Daniel Szabo
  • 7,181
  • 6
  • 48
  • 65