当前位置: 动力学知识库 > 问答 > 编程问答 >

rest - How to force to make a call to a restful service through http client?

问题描述:

Considerations:

First of all, I'm looking for a programmed/automated solution, not a -personal- solution. I'm afraid that this question has not a direct answer because technology, so I'll check any workaround to make this validation.

Scenario:

I've a public RESTful service that my customers (third party applications) can consume.

It has authentication basic (in the header) and the POST has a parameter that contains a cyphered string in SHA-256 with the data sent in the other parameters, in order to validate the data.

This cyphered string is made by a hash-key provided by me, for every customer, because some customers are competitors between them.

Anyway...

Problem:

Some customers are hitting the service directly from ajax, instead using a server-side http client. They are using the hashkey and the user/pass inside a javascript and beware my recommendations, there were no changes in their code. Because of this, we are not enabling them in our production environment.

Question:

It's possible (and how can I do it?) validate if the call is from server-side without checking the URL referer?

Just as comment, I'm using Web Api 2.2 in C#, but I think I could handle making the code myself, so any answer without code will be useful anyway.

I'm afraid that there is not exists any answer, because the clients are the same, but any some workaround or idea will be preciated.

Sorry for my english and my poor knowledge in HTTP clients.

网友答案:

If you could describe why it is a problem that customers are using ajax - would be easier to guess general solution. For example you can create registration service where your customer must specify their IPs so you can whitelist them, or you can create client auth library which all customers should use.

分享给朋友:
您可能感兴趣的文章:
随机阅读: