Securing Web API (CORS enabled) using token id, referrer url and ip address in Cross-Origin Requests
Posted On: 18-Oct-2015 09:06
If you developing Web API for third party vendor then you need to enable CORS feature of the Web API. In this scenario, we
need to prevent or secure the API from unauthorized user or Cross-Site Request Forgery attacks. We can Secure Web API (CORS
enabled) using token id, referrer url and ip address in Cross-Origin Requests. This article will describe how we can secure
Web API using token id, referrer url and ip address.
Visual studio 2013, Web API 2.0
Used keyword details
tokenid: is a 15 to 20 digit auto generated code provided by third party vendor to the client for access the api.
ip address: is a ip address of the client that uses the api (for desktop based client).
referrer url: is a url of the page where the client uses the api on then web page (for web based client)
How to enable CORS in Web API
You can enable CORS in Web API in following steps:
I) add the CORS NuGet package=> In Visual Studio, from the Tools menu, select Library Package Manager, then select Package Manager Console. In the Package Manager Console window, type the following command: Install-Package Microsoft.AspNet.WebApi.Cors (This command will install the latest package and updates all dependencies, including the core Web API libraries. The CORS package requires Web API 2.0 or later.)
II) open the file App_Start/WebApiConfig.cs. Add the following code to the WebApiConfig.Register method.
III) add the [EnableCors] attribute to the Controller class:
How to Validate token id, ip address and referrer url
You can validate tokenid and ip address and referrer url in action of api controller as
In this article we uses token id, ip address and referrer url for securing the Web API. Hopefully, this article will help you do that.