I'm using Web API. My question is: I have to check where the call is coming from in Global.asax (Application_AcquireRequestState), because I have to restrict some calls that are coming from unknown URLs for the purpose of Web API security.
Comments
Prasad Khandekar 7-Oct-13 11:16am    
Hello,

There are multiple ways of doing this. To start with, you can check the Referer header of the incoming HttpRequest. For the AJAX requests made from your application's pages, the domain and context part will be the same as your application's domain and context. E.g., if your app's base URL is http://www.foo.com/someapp then the Referer header of AJAX requests will also start with this base URL. (Please remember though that the Referer header can be spoofed.)

Another way is to use a hidden variable and session variable combination. In this scheme, for every request you generate a random token, store it in the session and pass it to the client via a hidden field. The client is then expected to send this token in the subsequent request. If the token sent does not match the one stored in the session, then you can discard the request.

Regards,
Sergey Alexandrovich Kryukov 7-Oct-13 15:58pm    
You could post it as a formal answer.
—SA
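
The two checks described in the comments above, combined in Global.asax, as an added example that is not code from the original thread. The session key, the `X-Request-Token` header and the `~/api/` prefix are hypothetical names, and it assumes session state is enabled for the API routes (requests without a session are rejected).

```csharp
using System;
using System.Security.Cryptography;
using System.Web;

public class Global : HttpApplication
{
    // Assumptions: base URL from the comment; key, header and API prefix are hypothetical.
    static readonly Uri AllowedBase = new Uri("http://www.foo.com/someapp/");
    const string TokenKey = "RequestToken";
    const string TokenHeader = "X-Request-Token";
    const string ApiPrefix = "~/api/";

    // Called while rendering a page: returns the value to place in the hidden field.
    public static string IssueToken(HttpContext ctx)
    {
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        var token = Convert.ToBase64String(bytes);
        ctx.Session[TokenKey] = token;
        return token;
    }

    // Same scheme, host and port, and a path under the application's base path.
    static bool RefererAllowed(string header)
    {
        Uri referer;
        return Uri.TryCreate(header, UriKind.Absolute, out referer)
            && Uri.Compare(referer, AllowedBase, UriComponents.SchemeAndServer, UriFormat.Unescaped, StringComparison.OrdinalIgnoreCase) == 0
            && referer.AbsolutePath.StartsWith(AllowedBase.AbsolutePath, StringComparison.OrdinalIgnoreCase);
    }

    // Comparison that does not stop at the first differing character.
    static bool TokensMatch(string expected, string sent)
    {
        if (expected == null || sent == null || expected.Length != sent.Length) return false;
        int diff = 0;
        for (int i = 0; i < expected.Length; i++) diff |= expected[i] ^ sent[i];
        return diff == 0;
    }

    protected void Application_AcquireRequestState(object sender, EventArgs e)
    {
        var ctx = HttpContext.Current;
        if (!ctx.Request.AppRelativeCurrentExecutionFilePath.StartsWith(ApiPrefix, StringComparison.OrdinalIgnoreCase)) return;
        var expected = ctx.Session == null ? null : ctx.Session[TokenKey] as string;
        bool ok = RefererAllowed(ctx.Request.Headers["Referer"])   // spoofable: a coarse filter only
               && TokensMatch(expected, ctx.Request.Headers[TokenHeader]);
        if (!ok) { ctx.Response.StatusCode = 403; CompleteRequest(); } // fail closed, skip the handler
    }
}
```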

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


