Last post Dec 03, 2014 06:50 PM by SandeepC.ST
Dec 02, 2014 03:45 PM|SandeepC.ST|LINK
How can I restrict access to the Account APIs to the parties I want? I don't want the whole world to register and start using my APIs.
Dec 03, 2014 06:10 AM|Michelle Ge - MSFT|LINK
According to your description, you want to place some restrictions on the API. I don't have information about your requirement, so I think you need to give more details about it.
For example, if you want to restrict by IP address, then you need to add the IP as a parameter to the API, and then you can check the IP in the API code-behind.
Hope it's useful for you.
Dec 03, 2014 03:37 PM|SandeepC.ST|LINK
Our web APIs are for developers who will be using them to integrate their products with ours. These APIs will be hosted on web servers and we don't want just anybody to register and start using them. We want some control over who can access these APIs. We are going to use a client-side certificate in one scenario, but we also have ASP.NET OWIN in there and we just want to control the use of the registration API so that it is not open to abuse.
Dec 03, 2014 06:50 PM|SandeepC.ST|LINK
What if the web API can only get a token and call the logout and change password APIs, and there is another app that is not exposed to the outside world, which is used for registering a user?
This should do the trick. Are there any security issues anyone can point out with this scheme?
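
An added example, not part of the original thread: one way to enforce the split described in the last post on the internet-facing host is a deny-by-default OWIN middleware that lets through only the token, logout and change-password endpoints, so a registration route cannot be reached there even if the controller is deployed by mistake. The route paths and the class name `PublicRouteAllowlistMiddleware` are assumptions modelled on the default Web API account template; adjust them to the real routes.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.Owin;
using Owin;

// Added example (hypothetical class): route allowlist for the public host.
public class PublicRouteAllowlistMiddleware : OwinMiddleware
{
    // Assumed paths; everything not listed here is refused.
    private static readonly HashSet<string> Allowed =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "/Token",
            "/api/Account/Logout",
            "/api/Account/ChangePassword"
        };

    public PublicRouteAllowlistMiddleware(OwinMiddleware next) : base(next) { }

    public override async Task Invoke(IOwinContext context)
    {
        // Normalise a trailing slash so "/Token/" matches "/Token".
        string path = (context.Request.Path.Value ?? string.Empty).TrimEnd('/');

        if (!Allowed.Contains(path))
        {
            // 404 rather than 403: do not confirm that other routes exist.
            context.Response.StatusCode = 404;
            return;
        }

        await Next.Invoke(context);
    }
}

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        // Registered first so it runs before the OAuth and Web API middleware,
        // which are added after this line as in the existing Startup.
        app.Use<PublicRouteAllowlistMiddleware>();
    }
}
```

The internal registration app is hosted separately and omits this middleware; its protection comes from not being reachable from outside the network.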