0

I have mu backend application in asp.net web api (frontend is angular 8 app)

i have method in controller:

[RoutePrefix("Payment")]
    public class PaymentDeadlineController : ApiController
    {
        DKServiceClient DkService = new DKServiceClient();
        SrvPartlyPayment PartlyPayment = new SrvPartlyPayment();

        [Route("GetNotified")]
        public void GetNotified()
        {
            DkService.SrvC_CPCheckIsActive();

        }
    }

How to prevent entering this method GetNotified() when someone opens browser and types http://HostedLocation/Payment/GetNotified in the url?

Drasko
  • 17
  • 3
  • 1
    What is the issue when someone would try that? – VDWWD Jan 31 '20 at 13:34
  • It depends on how strict you want it to be. You can set up a CORS policy in your .Net Code so that only requests coming from a specific origin (server) will reach your endpoint. Origins can be spoofed, but your average person wouldn't know how to do it. Beyond that, you should look into authorizing your apps with an OAuth provider or your own Identity Server 4 implementation since you're already familiar with .Net. – Kyler Johnson Jan 31 '20 at 13:47
  • Does this answer your question? [How to secure an ASP.NET Web API](https://stackoverflow.com/questions/11775594/how-to-secure-an-asp-net-web-api) – Andrei Dragotoniu Jan 31 '20 at 14:04

1 Answers1

-1

If you are looking to secure your API from unauthorized access, You can add [Authorize] attribute in the web api controller and enable Authorization for your API in your startup.cs.
Your front end application can send request to API along with a token issued by your identity provider to API and get response, while other anonymous users will not have token and hence cannot invoke your method using browser or any other tools like postman.

Bob Ash
  • 837
  • 9
  • 11