Robertino

🛠 Authorization for ASP.NET Web APIs

📘 Learn how to secure an ASP.NET Web API by granting access only to authorized users through Auth0 authentication and authorization services.

Controlling who can access your API is a requirement for a secure application. This article will show you how to restrict access to your ASP.NET Web API to authorized users only.

Setting up the Web API Application

Let's start by setting up the ASP.NET Web API application to be protected. You can download a glossary Web API from this GitHub repository by running the following command in a terminal window:

git clone --branch starter --single-branch https://github.com/auth0-blog/glossary-web-api-aspnet.git


This ASP.NET application provides you with a CRUD Web API to manage a glossary of terms. You can learn the details of its implementation by reading this article.

Once you download the application, move to the glossary-web-api-aspnet folder and launch it by typing dotnet run in a terminal window. By pointing your browser to https://localhost:5001/swagger, you should see a page like the following to interactively test the APIs:

[Image: Swagger UI for Web API]

The Web API application allows you to get a list of term definitions or a single term definition. It also lets you create a new definition and modify or delete an existing one.

The current implementation of this glossary Web API allows anyone to perform every available operation on the glossary. Most likely, you want everyone to be able to get a single glossary item or the full glossary, while only authorized users should be able to create, update, and delete glossary items.

Let's go and see how to protect these three actions by integrating your ASP.NET Core Web API with Auth0 services.
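
The access policy described above, as an added example that is not code from the article or the glossary repository: read endpoints stay public while create, update and delete require a valid JWT access token. The routes, the in-memory store, the `GlossaryItem` record and the `Auth0:Authority` / `Auth0:Audience` configuration keys are assumptions made for illustration.

```csharp
// Program.cs (.NET 6+ minimal API); needs the Microsoft.AspNetCore.Authentication.JwtBearer package.
// Added illustration: routes, store and config keys are assumptions, not the repository's code.
using System.Collections.Concurrent;
using Microsoft.AspNetCore.Authentication.JwtBearer;

var builder = WebApplication.CreateBuilder(args);
builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        // Placeholders: supply your own tenant URL and API identifier in configuration.
        options.Authority = builder.Configuration["Auth0:Authority"];
        options.Audience = builder.Configuration["Auth0:Audience"];
    });
builder.Services.AddAuthorization();

var app = builder.Build();
// Order matters: authentication must populate the user before authorization evaluates it.
app.UseAuthentication();
app.UseAuthorization();

var glossary = new ConcurrentDictionary<string, string>(StringComparer.OrdinalIgnoreCase);
glossary["jwt"] = "JSON Web Token"; // constructed sample data

// Read operations stay public.
app.MapGet("/api/glossary", () => glossary);
app.MapGet("/api/glossary/{term}", (string term) =>
    glossary.TryGetValue(term, out var definition)
        ? Results.Ok(new GlossaryItem(term, definition))
        : Results.NotFound());

// Write operations require a valid access token; requests without one get 401.
app.MapPost("/api/glossary", (GlossaryItem item) =>
    glossary.TryAdd(item.Term, item.Definition)
        ? Results.Created($"/api/glossary/{item.Term}", item)
        : Results.Conflict()).RequireAuthorization();
app.MapPut("/api/glossary", (GlossaryItem item) =>
{
    if (!glossary.ContainsKey(item.Term)) return Results.NotFound();
    glossary[item.Term] = item.Definition;
    return Results.Ok();
}).RequireAuthorization();
app.MapDelete("/api/glossary/{term}", (string term) =>
    glossary.TryRemove(term, out _) ? Results.NoContent() : Results.NotFound())
    .RequireAuthorization();

app.Run();
record GlossaryItem(string Term, string Definition);
```

Calling a write endpoint without an `Authorization: Bearer` header should return 401 while both GET routes keep answering 200, which is a quick check that the policy is wired as intended.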
