API Should Not Be Externally Accessible from Postman / Browser in ASP.NET Core | API Should Be Accessed Only from jQuery Ajax on the Same Website (ASP.NET Core 3 or Above)
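At the controller, validate using the attribute below. The filter decides based on the Referer request header, which is supplied by the client: a browser sets it automatically, but Postman or any other HTTP client can send any value. Treat this check as a way to turn away casual external calls, and keep authentication and anti-forgery tokens as the actual access control.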
// Usage example: every action on this controller passes through ApiAuthorizeFilter
// before it runs. The string array lists the site addresses whose pages may call
// these actions; the filter checks the request's Referer header against each entry.
// The Referer header comes from the client, so this attribute complements
// authentication on the controller rather than replacing it.
[ApiAuthorize(new string[] { "https://localhost:7161/", "http://xyz.com" })]
public class FarmerRegLoginController : Controller{
----------------------------------------------
----------------------------------------------
Some Controller APIS Code
----------------------------------------------
----------------------------------------------
}
Create New Filter
/// <summary>
/// Attribute that attaches <see cref="ApiAuthorizeFilter"/> to a controller or action.
/// </summary>
/// <remarks>
/// Deriving from TypeFilterAttribute lets the framework construct the filter and
/// hand it the values placed in <c>Arguments</c> as constructor parameters.
/// </remarks>
public class ApiAuthorizeAttribute : TypeFilterAttribute
{
    /// <summary>
    /// Creates the attribute for the given list of permitted site addresses.
    /// </summary>
    /// <param name="origins">Addresses forwarded unchanged to the filter's constructor.</param>
    public ApiAuthorizeAttribute(string[] origins)
        : base(typeof(ApiAuthorizeFilter))
    {
        // The whole string[] is a single constructor argument, so it is wrapped
        // as the one element of the argument list.
        object[] filterArguments = { origins };
        Arguments = filterArguments;
    }
}
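/// <summary>
/// Authorization filter that rejects requests whose Referer header does not
/// point at one of the configured site addresses.
/// </summary>
/// <remarks>
/// The Referer header is set by the client. Browsers fill it in automatically,
/// but any other HTTP client can send an arbitrary value, so this filter only
/// screens out casual cross-site or tool-driven calls. It is not an
/// authentication mechanism; pair it with real authentication and anti-forgery
/// validation on state-changing actions.
/// </remarks>
public class ApiAuthorizeFilter : IAuthorizationFilter
{
    private readonly string[] _origins;

    /// <summary>
    /// Stores the permitted site addresses.
    /// </summary>
    /// <param name="origins">
    /// Absolute URLs such as <c>https://localhost:7161/</c>. A null array disables
    /// the check; an empty array rejects every request.
    /// </param>
    public ApiAuthorizeFilter(string[] origins)
    {
        _origins = origins;
    }

    /// <summary>
    /// Short-circuits the request with a 403 JSON response unless the Referer
    /// header matches a permitted address.
    /// </summary>
    /// <param name="context">Authorization context of the current request.</param>
    public void OnAuthorization(AuthorizationFilterContext context)
    {
        // NOTE(review): a null list lets every request through (fail-open). Kept for
        // compatibility with the original behaviour; confirm this is intended.
        if (_origins == null)
        {
            return;
        }

        string referer = context.HttpContext.Request.Headers["Referer"].ToString();
        if (IsAllowedReferer(referer))
        {
            return;
        }

        // Setting context.Result stops the pipeline before the action runs. The
        // status is 403 (Forbidden): the request was understood and refused, which
        // is not a server fault and should not be reported as a 500.
        context.Result = new JsonResult(new ClsForbidResult
        {
            StatusCode = 403,
            StatusMessage = "Not Allowed"
        })
        {
            StatusCode = 403
        };
    }

    // Returns true when the Referer parses as an absolute URL whose scheme, host
    // and port equal those of a configured address and whose path starts with the
    // configured path.
    private bool IsAllowedReferer(string referer)
    {
        if (string.IsNullOrWhiteSpace(referer)
            || !Uri.TryCreate(referer, UriKind.Absolute, out Uri refererUri))
        {
            return false;
        }

        // Compare parsed components instead of raw string prefixes. A plain
        // StartsWith against "http://xyz.com" also accepts a different host whose
        // name merely begins with the same characters.
        return _origins.Any(origin =>
            Uri.TryCreate(origin, UriKind.Absolute, out Uri allowed)
            && string.Equals(allowed.Scheme, refererUri.Scheme, StringComparison.OrdinalIgnoreCase)
            && string.Equals(allowed.Host, refererUri.Host, StringComparison.OrdinalIgnoreCase)
            && allowed.Port == refererUri.Port
            && refererUri.AbsolutePath.StartsWith(allowed.AbsolutePath, StringComparison.OrdinalIgnoreCase));
    }

    /// <summary>
    /// JSON body returned when a request is refused.
    /// </summary>
    public class ClsForbidResult
    {
        /// <summary>HTTP status code repeated in the response body.</summary>
        public int StatusCode { get; set; }

        /// <summary>Short human-readable reason for the refusal.</summary>
        public string StatusMessage { get; set; }
    }
}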