Mar 03, 2019 10:25 PM|DA924|LINK
The API is goes to code on one machine, pulls data off another machine, the store proc is in a ROLE specific to a USER ID that only does web API
I am all good on security
If you say you're secure so be it. IMO. if the WebAPI service was being hit by a mobile device, a Windows Desktop solution, being hit by a desktop MAC or Linux client in a client/service scenario and being exposed to the public Internet, then I would
consider using some kind of security to access the WebAPI, if any client mentioned can access the WebAPI over the Internet
If you have a frontend Web server hosting a Web applications such as ASP.NET Web form, MVC, etc. and , etc. hitting a backend Web server hosting the WebAPI on another machine on the protected LAN, I don't see the need for such security. That's IMO and what
I have seen implemented.