I have a WebApi 2 API whose URL I want to keep private/internal. I also have an ASP.NET MVC 5 project which will use this API using JavaScript. What I would like to do is create a single controller action for every API request made by AJAX. The AJAX request should be made to this controller action, the action should decide which API endpoint it should call, make the request and return the result. I want to accomplish this with a single action since I don't want to have duplicates of the endpoints in the API in the MVC project. Very similar to what System.ServiceModel.Routing.RoutingService does for WCF. How can I accomplish this?
Related
So, I have an API in Azure API Management, which is attached to a function. I want to expose one of the methods in the API as a webhook for another application, a CRM. It will be an inbound webhook.
Is it possible?
A webhook endpoint is like any other HTTP endpoint that usually expects a POST request from an external system. So, yes.
Depending on the CRM application, you could leverage APIM's built-in security features to authenticate the webhook call without having to validate credentials in your function, as a bonus for using APIM.
I'm building an externalized API for developers who want to develop their own app based on our API. Here is my question: the API provides the ability to let other developers make external requests to our server, but should we handle the same request on the same route for local and external requests for the same function?
For example:
We have a login route in the API, /api/v1/login. This route provides the ability to make a login request to this API from another site, but when our local site wants to let a user log in, should we use the same path /api/v1/login, or should we make another route for local requests, /auth?
Is there any security issue if using the same route for the external request?
The main security issue would be that there wouldn't actually be a difference between your external API and your "local" API. If both are using the same paths to do the same things, and are using the same backend functionality to do so, they aren't different. This isn't really a security problem so long as you are still properly controlling API access appropriately, i.e. through API keys, though your client would have to use those same access controls.
I am working on Logic Apps with an HTTP listener and tried the option below rather than creating an API controller, referring to the URL below:
https://azure.microsoft.com/en-us/documentation/articles/app-service-logic-http-endpoint/
I created a Logic App with "HTTP Request" that does the processing and sends the response back to the caller. It is working as expected.
But one thing I wanted to know is this: when I create the HTTP Request, it provides a default URL like the one below:
https://prod-****.logic.azure.com:443/workflows/*******69a5b764/triggers/request/run?api-version=2015-08-01-preview&sp=%2Ftriggers%2Frequest%2Frun&sv=1.0&sig=*****2MCOoTKZU
Can we define a custom URL instead of the default one, like below?
Please advise.
There are two different approaches you can use to hide the original Logic App URL:
Using Azure API Management (APIM)
Using Azure Functions Proxy (AFP)
Through APIM or AFP, you can hide the SAS token part of the query string (sp, sv and sig), as well as the api-version parameter. Those parameters can be passed through the request header.
By doing so, you can use your own custom URL and hide the SAS token. I've written a blog post about this: https://blog.mexia.com.au/securing-sas-token-from-azure-logic-apps
If it was a WCF project, I would usually see all available service methods by typing the URL
....some.svc/help
But in Web API 2, how do I get all such possible methods?
My ASP.NET MVC application is using Forms authentication with [System.Web.Mvc.Authorize]. I would like to use the [System.Web.Http.Authorize] attribute to protect my Web API controller, and because I'm calling it with HttpClient from my MVC controller, I have implemented a custom delegating handler like the one in the following post:
ASP.NET MVC 4 Web API Authentication with Membership Provider
When debugging I can see that the principal is set and the user has the right roles, but I'm still being redirected to the login page.
So basically, when I log in and visit the Web API action with a browser, everything works (as it would if I used AJAX from my views), but when I use HttpClient inside my controller (which I know is a new request with a different context) with Basic authentication and set the principal, I always get redirected.
I've tried so many solutions/workarounds and I'm always redirected to the login page.
Does anyone have an idea?
Here's an explanation:
System-web-http-authorize x System-web-mvc-authorize
Another interesting point is you use your custom authorization. I did it and it worked. Following example:
Customized authorization Mvc 4
Good Luck