Tag Archives: Client Secret

VIDEO – HTTP Header Client Secret protected Web API

Watch the video below to see a demo of protecting WebAPI with HTTP header and a Client Secret.    By default, new Web API projects lack any security mechanism and are open to any anonymous user.    Protecting Dot Net methods with an IF() statement condition provides a simple security mechanism to ensure only users who know the Client Secret are able to run the API and execute the method.

NOTE – Check out https://www.spjeff.com/2017/10/05/video-azure-ad-protected-web-api-in-an-angularjs-spa/ for more complete WebAPI security with Azure AD.

Cheers! shades_smile

Video

Screenshots

image

Code

public bool keyMatch()
{
	// security HTTP header
	string key = "12345678901234567890123456789012345678901234567890";
	IEnumerable headerValues;
	var keyFilter = string.Empty;
	if (Request.Headers.TryGetValues("key", out headerValues))
	{
		// ALLOW - match key
		keyFilter = headerValues.FirstOrDefault();
	}
	if (keyFilter == key)
	{
		return true;
	}
	else
	{
		return false;
	}
}

References

Return to Top ▲Return to Top ▲