I have a windows application which shows web page hosted in a website. Because of confidentiality, I don't want to show URL to the user. As this website is hosted on IIS and so user can access website directly through browser if he/she knows URL.
How can I block access of website via browser but not through windows application?
P.S. this website is third pary product hosted on my machine and I cannot do any code change into it.
If you can't make any code changes to the website, it will not be possible to block access based on which system is calling the URL using IIS alone.
One approach would be to put the webserver behind a firewall and implement an authentication / authorization mechanism between your application and the firewall.
Related
I have a RESTful API which is running in a Linux docker image on AWS ECS. This API needs to be called by a desktop application (C# fat client deployed via ClickOnce) which is using Windows authentication to identify the users.
Currently although it's behind our firewall I can't identify users who call the API. I looked into OIDC but it's not an option because it requires a redirect URI to callback with the access_token which can't really happen on a desktop application.
How can I identify the users who are calling the API from their desktop app and validate they have the correct group claim which would grant them access when calling the API?
In terms of considering OIDC as an option; depending upon your set-up, I would have thought that you should be able to embed a browser (/WebView) like User-Agent within your desktop app, that can then/finally pass-back the resulting OIDC info/tokens, back to the/your hosting/underlying app (?).
I have WPF application(.exe), which was hosted in my remote web server.
Now I want to access WPF application from my web page by clicking respective link.
Response.Redirect(WPFLaunchUrl);
By using this, I am able lunch application in IE. But whenever I am using Google-Chrome then application downloading into my local system instead of running application from Hosted URL.
Could you please suggest me on this.
I have a website that is being hosted on IIS 7 that communicates with a Ingenico signature device via a windows service. When I was originally testing the site functionality on my local pc, the site would open and I would click the button that triggers a GetSignature() method. This method uses HTTPWebRequests and HTTPWebResponses to open a connection to the signature device, claim the device, prompt signature, retrieve signature, release the device, and close the connection.
Here is a small snippet of code used:
GetSignatureCodeSnippet
The following HTTP requests use the session-id from this cookie for a single transaction. When running this locally, I had to set my browser to allow third party cookies otherwise, a session-id was never stored and you get Http404 errors.
Where I am having trouble is I have added all the functionality to my site and updated my test site to include this new functionality. The test site is hosted on IIS 7. When trying to communicate with the signature device, I am now getting Http404 because it is not allowing the third party cookie. How/Can I configure IIS to accept the third party cookie from the windows service?
I have a web application done in razor and i want to convert it to a normal client application. So what i thought of is to self host that web application and serve it through WebControl in WinForms, i already done this using owin. However the self hosted application can also be accessed through a browser or any external machine if privileges are given. My question here, how to prevent any external browser from accessing my self hosted owin web app, and still connect through the my client's internal browser ?
I have a webservice that's behind form's authentication. The site that hosts the service also serves as a site that requires a user to log in via the login page.
I have a second site that needs to be able to access the service that the first site hosts. However, when attempting to access the service, it fails because the service requires that the user is logged in.
The first site is on a seperate server than the second site, but both sites are on the same subnet. Thus far the only way I have found to have the second site access the first sites service is to allow all users via a web.config setting specific to the directory that hosts the services .ASMX file. This is not acceptable because it leaves the door wide open to anyone who knows the .ASMX file directory.
I have attempted to mix and match windows authentication and use impersonation to access the web service, but according to microsoft, you cannot mix and match authentication types, and through personal trial, you can indeed not.
I'm looking for any helpful tips to help me accomplish this goal at a minimal reconfiguration of my two sites.
Thanks,
George
I implemented the solution by adding custom security to the headers on the SOAP packets. This allowed me to mix and match my security at a minimal reconfiguration to the service.