Hello,

I have one .NET Core project for an API, and I have a requirement for external and internal API usage. In simple words, I need to make the API open for internal users and secured for external users. When an internal user hits the endpoint, it should not ask for any type of credential, but if an external user hits the endpoint, the API should ask for security.

How can I achieve this?

What I have tried:

I have tried to explore Azure services but can't figure it out.
Updated 22-Jan-20 2:08am
Comments
F-ES Sitecore 22-Jan-20 4:58am    
What do you define as an "internal user" and an "external user"?
Ankur Ramanuj 22-Jan-20 5:27am    
That's the main question roaming in my mind:
1) How to identify the user
2) How to prevent on a single URL
F-ES Sitecore 22-Jan-20 5:38am    
What do *you* consider an "internal" user to be and an "external" user? These are not terms with standard definitions so your concept of internal and external might differ from someone else's.
Ankur Ramanuj 22-Jan-20 6:16am    
To me, internal users are users from my organization, or in other words in-house developers.
External users are those to whom I sell my APIs, meaning someone outside the organization.


The main goal is that when an in-house developer calls the API, they don't need to pass anything like a credential, but when someone outside the organization tries to call the same API, they need some verification like authentication.

How can I achieve this?

1 solution

There are a couple of possibilities to use.

The first method would be based on some sort of IP Filtering.
1. API will need to be written to require an authentication token.
2. Incoming requests would be intercepted before the endpoint, and if the incoming request matches your corporate IP Address you could inject a fixed token, so they would not need to authenticate.
I personally think this is a set of hacks and bandages and do not recommend it.

The second method would be to create separate endpoints for the internal and external users; one needing authentication and the other not. These two would be simple wrappers calling the main API methods.
Comments
Richard Deeming 22-Jan-20 12:43pm    
Of course, an unauthenticated endpoint without any restriction on who could call it would be "security by obscurity". And we all know how "secure" that is! :)
MadMyche 22-Jan-20 14:07pm    
While I do not condone these types of things, and will fight against them, sometimes it is just what we find out there.
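
A variation on the first method from the solution above, written as an ASP.NET Core authorization policy instead of token injection. This is an added example, not code from the answer: the policy name, route and the 10.20.0.0/16 range are constructed placeholders, and the JWT bearer validation settings are assumed to come from configuration.

```csharp
// Program.cs (ASP.NET Core minimal hosting with implicit usings;
// needs the Microsoft.AspNetCore.Authentication.JwtBearer package)
using System.Net;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddHttpContextAccessor();
// External callers present a bearer token; authority/audience are assumed to be configured.
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme).AddJwtBearer();
builder.Services.AddSingleton<IAuthorizationHandler, InternalOrTokenHandler>();
builder.Services.AddAuthorization(o => o.AddPolicy("InternalOrToken",
    p => p.AddRequirements(new InternalOrTokenRequirement())));

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
// One URL for both audiences: the policy decides whether a token is required.
app.MapGet("/api/orders", () => Results.Ok(new[] { "sample" }))
   .RequireAuthorization("InternalOrToken");
app.Run();

public sealed class InternalOrTokenRequirement : IAuthorizationRequirement { }

public sealed class InternalOrTokenHandler : AuthorizationHandler<InternalOrTokenRequirement>
{
    // Constructed sample range standing in for the corporate network.
    private static readonly (IPAddress Net, int Bits)[] Ranges = { (IPAddress.Parse("10.20.0.0"), 16) };
    private readonly IHttpContextAccessor _http;
    public InternalOrTokenHandler(IHttpContextAccessor http) => _http = http;

    protected override Task HandleRequirementAsync(AuthorizationHandlerContext ctx, InternalOrTokenRequirement req)
    {
        // Use the TCP peer address. X-Forwarded-For is caller-controlled unless a trusted proxy rewrites it.
        var ip = _http.HttpContext?.Connection.RemoteIpAddress;
        if (IsInternal(ip) || ctx.User.Identity?.IsAuthenticated == true) ctx.Succeed(req);
        return Task.CompletedTask; // not succeeding yields 401 for anonymous external callers
    }

    private static bool IsInternal(IPAddress? ip)
    {
        if (ip is null) return false;
        if (ip.IsIPv4MappedToIPv6) ip = ip.MapToIPv4(); // dual-stack sockets report ::ffff:a.b.c.d
        byte[] a = ip.GetAddressBytes();
        return Ranges.Any(r => { byte[] n = r.Net.GetAddressBytes(); int bits = r.Bits;
            if (a.Length != n.Length) return false;
            for (int i = 0; bits > 0; i++, bits -= 8) {
                int mask = bits >= 8 ? 0xFF : (0xFF << (8 - bits)) & 0xFF;
                if ((a[i] & mask) != (n[i] & mask)) return false; }
            return true; });
    }
}
```

If the API sits behind a load balancer or API gateway, `RemoteIpAddress` is the proxy's address, so the range check only means something once forwarded headers are accepted exclusively from that proxy.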

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)