How to restrict direct calls to WebAPI – SharePoint 2013
by Sathish Nadarajan 19 Oct 2015
Author
SharePoint MVP

In the previous articles (WebAPI and Create WebAPI) we saw how to create a WebAPI and call it from our JavaScript in SharePoint 2013. There is one more check we need to do. When calling the WebAPI from JavaScript, the WebAPI URL is present on the client side, so anyone who knows how to view the page source will learn the WebAPI address. Obviously that is not good practice: we expect users to reach the WebAPI through our application, not directly. So a validation needs to be done on the WebAPI itself.

    using System;
    using System.Web;
    using System.Web.Http;

    [HttpGet]
    public string MyMethod(string sampleParameter)
    {
        // Read the Referer header from the underlying ASP.NET request
        Uri urlReferrer = ((HttpContextWrapper)Request.Properties["MS_HttpContext"]).Request.UrlReferrer;
        if (urlReferrer != null)
        {
            // Compare both sides in lower case; lowering the path and then
            // searching for a mixed-case literal would never match
            if (urlReferrer.AbsolutePath.ToLower().Contains("/sites/mysitecollection")
                && urlReferrer.Host.ToLower().Contains("mydomain"))
            {
                // Do the actual stuff here
                string returnValue = "Result for " + sampleParameter;
                return returnValue;
            }
        }
        return "Not a Valid Request";
    }
 

In the code above, if the WebAPI is called directly, urlReferrer will not contain our site collection URL, so the method returns the message "Not a Valid Request".

Only when the request comes from our site collection does the WebAPI respond with the actual result.

Though this check looks very small, it is really important when considering security.
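As an added example (not code from the original article), the same referrer validation can be moved into a reusable Web API action filter so every action on a controller gets it; the host name, site collection path and controller name below are assumed values. Because the Referer header is set by the browser, this keeps casual direct calls out but is not a substitute for authentication, and a request sent without a Referer is rejected.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;

// Hypothetical filter: centralises the referrer check described in the article
public class RequireSiteReferrerAttribute : ActionFilterAttribute
{
    private readonly string _expectedHost;    // assumed, e.g. "intranet.mydomain.com"
    private readonly string _sitePathPrefix;  // assumed, e.g. "/sites/MySiteCollection"

    public RequireSiteReferrerAttribute(string expectedHost, string sitePathPrefix)
    {
        _expectedHost = expectedHost;
        _sitePathPrefix = sitePathPrefix.TrimEnd('/') + "/";
    }

    public override void OnActionExecuting(HttpActionContext actionContext)
    {
        // Referer as sent by the browser; a URL typed into the address bar has none
        Uri referrer = actionContext.Request.Headers.Referrer;
        if (!IsFromOurSite(referrer))
        {
            actionContext.Response = actionContext.Request.CreateErrorResponse(
                HttpStatusCode.Forbidden, "Not a Valid Request");
        }
    }

    internal bool IsFromOurSite(Uri referrer)
    {
        if (referrer == null || !referrer.IsAbsoluteUri) return false;

        // Exact host comparison instead of Contains, so only our host passes
        bool hostOk = string.Equals(referrer.Host, _expectedHost,
                                    StringComparison.OrdinalIgnoreCase);

        // Case-insensitive prefix match on the site collection path; the
        // trailing "/" keeps "/sites/MySiteCollection2" from matching
        string path = referrer.AbsolutePath.TrimEnd('/') + "/";
        bool pathOk = path.StartsWith(_sitePathPrefix, StringComparison.OrdinalIgnoreCase);

        return hostOk && pathOk;
    }
}

// Usage on an assumed controller:
// [RequireSiteReferrer("intranet.mydomain.com", "/sites/MySiteCollection")]
// public class MyApiController : ApiController { ... }
```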

Happy Coding,

Sathish Nadarajan.
