How to deny HTTP POST requests from other applications? [closed]
I am doing security checks on my web application, which is hosted in .NET IIS. I came to know that there is a possibility to access my web pages through the HTTP POST method from any other application; we need to deny those requests which come through the HTTP POST method. Is there any possible way to deny this?
In the below code example, 'www.example.com' is my website, and 'recepticle.aspx' is a web page which is accessed from another web application (e.g. www.Hacker1.com) through HttpClient. How can I prevent this?
Code written on www.Hacker1.com:
// Snippet as posted, with the missing await on PostAsync added and `values` defined (placeholder form fields).
// Requires: using System.Collections.Generic; using System.Net.Http;
private static readonly HttpClient client = new HttpClient();
var values = new Dictionary<string, string> { { "field1", "value1" } };
var content = new FormUrlEncodedContent(values);
var response = await client.PostAsync("http://www.example.com/recepticle.aspx", content);
var responseString = await response.Content.ReadAsStringAsync();
I need to deny HTTP POST requests from other web applications to my web pages, but I can allow requests from a browser.
c# .net iis
closed as too broad by Alexei Levenkov, Owen Pauling, Ondrej Svejdar, Mickael Maison, AkshayNevrekar Jan 2 at 13:06
asked Jan 2 at 8:54 by Rajesh kanna.S, edited Jan 2 at 9:44
May I know what technology and platform you are using on your server side?
– Mohammad Nikravesh
Jan 2 at 8:58
If you are using an authorizing system such as ASP.NET Identity, just put [Authorize(Roles="Admin or role you want to allow")] as an attribute on the post method; that should make it fine.
– Halil İbrahim
Jan 2 at 9:01
Assuming "any other application" means any other application, there is no way. If you can narrow down your requirements it may become answerable.
– Alexei Levenkov
Jan 2 at 9:05
4 Answers
You can only deny POST requests for everyone; you can't deny them selectively. Any protection you put in place (like checking the referrer) the hacker site can easily mock. Proper protection is forcing authentication of users and allowing only authenticated users to make such requests.
I.e. have an endpoint login.aspx that exchanges username/password for an authentication cookie or token, and recepticle.aspx should check whether the authentication cookie/token is present.
BTW, the authentication topic is complex and ASP.NET/IIS has lots of templates built in. Still, it's easy to do it wrong. So if you're unsure, it is best to delegate authentication to OAuth / use one of the big providers you trust: https://en.wikipedia.org/wiki/List_of_OAuth_providers
answered Jan 2 at 9:56 by Ondrej Svejdar
Thanks Ondrej, I got your point. In this case, if HttpClient is used in a console application, which browser (IE or Mozilla or Chrome) does the receiving server consider the request to be from?
– Rajesh kanna.S
Jan 2 at 12:26
@Rajeshkanna.S - a browser identifies itself with a so-called user agent string; this is a known HTTP header. However, this can be simply mocked, like httpClient.DefaultRequestHeaders.Add("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36"); now the server will think your console app is a Chrome browser.
– Ondrej Svejdar
Jan 2 at 12:32
Okay, thanks Ondrej.
– Rajesh kanna.S
Jan 2 at 15:42
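The answer above says recepticle.aspx should check for the ticket issued by login.aspx instead of trusting anything the caller sends. The following code-behind is an added example (not from the thread or any of its authors) of that server-side check for an ASP.NET Web Forms page; it goes slightly beyond the answer by also tying each POST to a per-session token, because a logged-in browser can still be made to POST by another site. It assumes forms authentication is enabled in web.config, that login.aspx calls FormsAuthentication.SetAuthCookie after validating credentials, and that session state is on; the class name Recepticle and the field name __csrf are made up for illustration.

```csharp
// recepticle.aspx.cs (assumed file name; added example, not code from the thread)
using System;
using System.Net;
using System.Security.Cryptography;
using System.Web.UI;

public partial class Recepticle : Page
{
    // Name of the per-session anti-forgery field (assumed, illustrative).
    private const string TokenField = "__csrf";

    protected void Page_Load(object sender, EventArgs e)
    {
        // User-Agent, Referer and Origin are chosen by the caller and can be copied from a
        // real browser (see the comment above), so they are deliberately NOT used as controls.
        if (!Request.IsAuthenticated)
        {
            // No valid forms-authentication ticket: an HttpClient on www.Hacker1.com ends up
            // here unless it first obtained credentials through login.aspx.
            Reject(HttpStatusCode.Unauthorized);
            return;
        }

        if (string.Equals(Request.HttpMethod, "GET", StringComparison.OrdinalIgnoreCase))
        {
            // Issue a fresh random token and embed it in our own form; only a page served by
            // www.example.com to this session carries it.
            ClientScript.RegisterHiddenField(TokenField, IssueToken());
            return;
        }

        if (string.Equals(Request.HttpMethod, "POST", StringComparison.OrdinalIgnoreCase))
        {
            // Even a logged-in browser can be made to POST here by another site (CSRF), so
            // the POST must also carry the token that was issued to this session.
            var expected = Session[TokenField] as string;
            var supplied = Request.Form[TokenField];
            if (expected == null || supplied == null || !FixedTimeEquals(expected, supplied))
            {
                Reject(HttpStatusCode.Forbidden);
                return;
            }
            // ... authenticated, same-site POST: normal processing goes here ...
            return;
        }

        Reject(HttpStatusCode.MethodNotAllowed);
    }

    private string IssueToken()
    {
        var bytes = new byte[32];
        using (var rng = new RNGCryptoServiceProvider())
        {
            rng.GetBytes(bytes);
        }
        var token = Convert.ToBase64String(bytes);
        Session[TokenField] = token;
        return token;
    }

    // Constant-time comparison so the token cannot be guessed byte by byte from timing.
    private static bool FixedTimeEquals(string a, string b)
    {
        if (a.Length != b.Length) return false;
        var diff = 0;
        for (var i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    // Stop the pipeline without Response.End(), which throws ThreadAbortException; the rest of
    // the page lifecycle may still run, but SuppressContent keeps its output from being sent.
    private void Reject(HttpStatusCode status)
    {
        Response.Clear();
        Response.StatusCode = (int)status;
        Response.SuppressContent = true;
        Context.ApplicationInstance.CompleteRequest();
    }
}
```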
If you just want to block requests based on any parameter of the request, which in your case is the HTTP verb, you can easily do it on IIS through this.
answered Jan 2 at 9:08 by Mohammad Nikravesh
Thanks Mohammad, I added more information to my question; please have a look.
– Rajesh kanna.S
Jan 2 at 9:46
You can deny POST requests, but there's no sensible way -- without adding authentication -- to tell which application those requests are coming from, which means that you won't be able to allow POST requests from just your client app and no others.
Just secure the endpoint properly by using some sort of authentication.
If your endpoints are only supposed to be accessed by your application, why are you making them publicly accessible in the first place? If this is the same application, just call the functions directly. If this is a separate application, use firewall rules to make sure it can only be accessed by localhost (e.g.).
answered Jan 2 at 9:51 by Roger Lipscombe
You can define the specific origin in web.config from which you want to authorize requests.
You can define the HTTP protocol for your application in web.config like this:
<httpProtocol>
  <customHeaders>
    <add name="Access-Control-Allow-Origin" value="*" />
    <add name="Access-Control-Allow-Headers" value="Content-Type, Authorization, Set-Authorization" />
    <add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" />
    <add name="Access-Control-Expose-Headers" value="Set-Authorization" />
  </customHeaders>
</httpProtocol>
Here this code example contains * for the Origin value, which means it will allow requests from all applications, so you have to pass your application URL here instead of *.
answered Jan 2 at 9:05 by kapil sharma