There is a requirement to have a common web api application to service 3 different MVC web applications. These client web applications have their own databases and own authentication implementations. How do we configure the web api application to provide access to a set of APIs to web app 1 alone and deny to all other web apps, similarly for web app 2 and so on? In other words, is there a way to 'register' each web app with the web api service and also build in a mechanism through which the web app is only allowed access to a set of endpoints? Thanks for all the help..
There are a handful of ways of solving this
Host multiple WebAPI servers in a single process to effectively meet your requirement while making your project easier to organize
Use Authentication and Authorization filters to customize how requests are accepted, denied, and routed
Using a router and/or switch at the hardware level, create a blacklist/whitelist combined with a reverse proxy (beware of MAC spoofing, etc, with this solution)
Use dependency injection to add abstraction to the process and to remove the ability to specify a custom endpoint in an unintended manner programmatically; this solution will only work if you control the client code, however
From the sound of it, the issue you're describing doesn't seem like one regarding the visibility of the endpoints, but of the access control to leverage them. If I'm wrong, please let me know in a comment and I'll update my answer.
Related
I have a .NET MVC web app and I will be exposing a handful of endpoints which should only be hit by certain authorized internal applications. I'd like to achieve this via some form of mutual authentication, so that the web service can verify the caller's identity.
Many solutions I've seen for this seem to rely on IIS-level configuration and thus would seem to apply globally to the web service and not just to specific endpoints.
To make things more complex, all internal requests in our system pass first through an ARR reverse proxy for routing/load balancing. Because ARR provides routing, I'd prefer to keep everything over HTTP to avoid the need for a separate routing mechanism other than ARR to locate machines
How can I configure some form of mutual authentication for such a scenario?
If the caller is also a windows .NET app in the same windows domain,
i would expose the endpoints over WCF and not an MVC app.
Then configure the WCF endpoints to use windows authentication, and use WCF`s support for role based authorization. (attribute based for simple cases)
There's documentation for how to achieve this here.
We are starting a project which will consist in:
Web project (ASP.NET MVC)
IOS app
and both will consume data from a .NET WEB API service.
The WEB API service will expose a POST Method with the url "user/create". But i don't know how can i avoid another apps for making post to this url? I know i need a security protocol, but i wanted to know which one you recommend me, and if you have, an article where is it explained.
Thanks
web api 2 provides oauth authentication. You will need to get a token from the token end point of web api and pass that token in subsequent requests.
You should find lot of online resources if you search for web api 2 oauth.
We did something similar recently using OWIN OAuth 2.0 Authorization Server
Reference this ASP.NET page for details. Sample code is included as well for several different implementations.
For our purposes, we used the Client Credentials Grant section about half-way down the page. Our implementation involved server-server OAuth (Web API to MVC), but I bet it's pretty similar to have iOS connect. The only thing I would caution is to somehow encrypt the login credentials on the iOS side, and I'm sure there is a way to do that.
So you want the WebAPI to only be used by the MVC page? The best architectural method is to separate the two rather than leave both in one project. Why? Because the MVC app is a experience layer for humans. The WebAPI is an experience layer for the MVC app. Move it back where it can't be accessed.
You can add on tokens, etc, but the MVC app sits on the server, but is accessed on the client computer. The wider the scope of the application (ie, intranet or internet or something in between?), the more difficult the problem and the harder it is for your users to access the application. Moving the WebAPI internal and leaving the MVC app exposed guarantees external users cannot use the API.
The main reason WebAPI and MVC exist together in a single project (still a mistake in most instances, IMO) is you are exposing both to the same audience. If that is not your intent, don't do it.
My goal is to create a service that will allow someone to register their own domain (so, many domains being used), and have that domain point to a specific service/template within a single web application.
Is this possible using URL rewriting or some other method? I want to have a vanity domain that would essentially act as the unique identifier within my application...
So instead of www.myapplicationdomain.com/site/1 and www.myapplicationdomain.com/site/2, i could allow a vanity domain that my application would utilize.
www.customwdomain.com = application/site/1
www.bettercustomwdomain.com = application/site/2
Is this possible, or would i essentially have to dynamically create new websites in IIS and drop files in those folders that the domain would point to? I know IIS can support multiple websites on the same host, but I was trying to take it a step further.
I guess my question is very similar to this question:
IIS with multiple domains on one single web application
Some considerations:
Trying to make this work on Azure shared hosting
I don't want to use sub-domains
I want the vanity domain to always be in use (e.g. not a redirect)
It is possible.
We have an Ecommerce web application that has many web domains being pointed to it, each with their own unique interface. This is entirely dependent on technologies of the Apache software foundation, and I'm not aware of a way to do this without a web server sorting out domains for the application.
We rely on Apache HTTP server for Virtualhost configurations (the listener & configs for each domain), and for serving static content.
We rely on Apache Tomcat for the single Java app that displays most of the interface and functionality. The Apache HTTP server is configured to pass relevant traffic to the Java app.
Configure multiple custom domains to an web-app and then add application gateway at the front of the application. Now based on the application url redirect to the updated url of the website.
Good old Microsoft documentation at it's finest. Does anyone know of any resources that explains how to deploy Web Api with Asp.net Web Forms application. I have the web api in a separate class library and I call using jquery. I don't want anonymous users to be able to access this service only the application. Do I want to use self hosted? How do I lock the service down? Awesome examples showing how to use, tons of videos but nothing on deployment.
You don't have the right architecture for what you are describing, but what you have is right.
If you are calling web services from the client side (using jquery) then your web service must be public facing.
What you are describing is a web or WCF service in a service oriented architecture. That service would most likely live on a different server and be on an internal network, etc. Even if it's on the same server your requirement is that it is not publicly accessible - thus none of your jquery would work since that request is being initiated by the user and users can only make requests to public facing services.
The comments about using forms authentication to protect your service calls are right. jQuery will include the forms authentication cookie for you when it makes AJAX calls so you shouldn't have to change much on the client side.
I am starting development of the new project and since I am new in the WCF world I want to ask your advice.
I am going to implement web-service which will provide data for WPF client and for ASP.NET site. Web site and web service should be hosted in the Windows share hosting (not didicated server) and this fact is bothering me. WPF client and web site will provide almost the same functionality for the user, so I want to implement all logic inside web service not to duplicate it in the client and web site.
Not sure what is the best way to implement such web-service - REST, SOAP or something else? Please, help me with selecting technology for web-service creation, I just want to get direction for optimal solution. 10x.
Update: Sorry I did not wrote details. Service will be something like on-line shop with admin panel, so web service will be used for getting products and for adding new product to the system. It does not support tons of customers, it's just solution for small web-shops.
since you are developing a Web based solution and a WPF client, i would recommend the following options for your WCF services:
REST Option - This option is good if you have some complex Ajax architecture on the client using Json and stuff, or if you want to expose your services publicly. In this case the option is to expose an HTTP endpoint using webHttpBinding on your service. Since your deployment will be on a shared web server, you can host your service inside IIS. I would recommend considering a SSL option for security.
Soap Option - This options is the easy one, and should be more familiar to most developers, since it acts like a usual web service. In this case i would use an HTTP endpoint with wsHttpBinding on the service for enhanced security. Since your deployment will be on a shared web server, you can host your service inside IIS. I would recommend considering a SSL option for security.
Whatever solution you choose you will be able to accomplish your goal to have simple SOA architecture in place and will have centralized services for your CRUD operations.
I hope this answered your question.