Skip to Content
Menu
Musisz się zarejestrować, aby móc wchodzić w interakcje z tą społecznością.
To pytanie dostało ostrzeżenie
1 Odpowiedz
5625 Widoki

I want a controller that receives a http post with  Name + Value data from SomeRandomServer.  This data is later written to a model.

IE An event occurs, SomeRandomServer sends a POST saying "event has occurred" and a field in a model is written to with "event has occurred".


How do I ensure that the data has actually came from SomeRandomServer and not an impersonator sending similar data? Normally with HTTP routes you can set the auth to user, but in this case the data is not coming from a user, but another api. So how would security be enforced? Can I restrict access to the route by some other means?

Awatar
Odrzuć
Najlepsza odpowiedź

how about you white-list the IP address of whatever server it is running on.

and/or create user for that model, make that api login and post.

to restrict others close it all other HTTP request ie. GET DELETE PUT so regular users won't see it. or give a redirect. only handle POST

Awatar
Odrzuć
Powiązane posty Odpowiedzi Widoki Czynność
0
lip 17
2707
0
mar 17
3082
0
cze 25
2315
3
gru 23
21590
3
kwi 23
34398