How to secure WebAPI from unnecessary actions?
Welcome.
There is an idea for a project that needs to be implemented. Public site-service with its clients (users).
I want to implement it on Angular2 + WebAPI. But here's the problem. The service is not that top secret, but you need to somehow secure the database from unnecessary actions that can be performed by people who can open the developer console in the browser and know about the Network tab.
What are some good ways to avoid exposing all requests to WebAPI or blocking the execution of an action on the server side, if this action should not be performed, logically? Binding to the keys disappears - the site will somehow access the WebAPI, which means it will merge the key in the console. Cookies and sessions are also in the trash, because creating an account in the service and stealing lines from the console is no more difficult than finding the key in the request.
What do colleagues say?
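
The server-side blocking the question asks about, as an added example that is not part of the original post: a framework-agnostic TypeScript handler in which the caller's identity comes only from a server-side session and each action is checked against ownership and current state, so a request copied from the Network tab gains nothing. The names `cancelOrder`, `orders` and `sessions` are hypothetical and the data is constructed; the same checks would sit inside a WebAPI controller action.

```typescript
// Constructed sample data standing in for the service's database.
type Order = { id: number; ownerId: number; status: "pending" | "shipped" | "cancelled" };
type Session = { userId: number };
type Result = { status: number; body: string };

const orders = new Map<number, Order>([
  [1, { id: 1, ownerId: 10, status: "pending" }],
  [2, { id: 2, ownerId: 20, status: "pending" }],
  [3, { id: 3, ownerId: 10, status: "shipped" }],
]);

// Hypothetical session store: opaque token -> identity resolved on the server.
const sessions = new Map<string, Session>([["tok-alice", { userId: 10 }]]);

// Hypothetical "cancel order" handler. Every field of `req` is client-controlled:
// anyone can read it in the browser console and resend it with different values.
function cancelOrder(req: { token?: string; orderId: unknown; ownerId?: unknown }): Result {
  // 1. Authenticate: identity is looked up from the session, never read from the body.
  const session = req.token ? sessions.get(req.token) : undefined;
  if (!session) return { status: 401, body: "not authenticated" };

  // 2. Validate input shape before touching the database.
  const id = req.orderId;
  if (typeof id !== "number" || !Number.isInteger(id)) {
    return { status: 400, body: "invalid order id" };
  }

  // 3. Object-level authorization: the caller may act only on their own orders.
  //    Any `ownerId` supplied by the client is ignored. Returning 404 for both
  //    "missing" and "not yours" avoids confirming that another user's order exists.
  const order = orders.get(id);
  if (!order || order.ownerId !== session.userId) {
    return { status: 404, body: "order not found" };
  }

  // 4. Business rule: refuse actions that make no sense in the current state.
  if (order.status !== "pending") {
    return { status: 409, body: "order cannot be cancelled" };
  }

  order.status = "cancelled";
  return { status: 200, body: "cancelled" };
}
```

With these checks on the server, seeing the requests in the console is harmless: a logged-in user can only trigger actions that their own account is already allowed to perform.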