
How to authenticate user from another localhost?

Tags: c#, asp.net-mvc

I'm designing 2 websites (localhost:44300 and localhost:44301). The first is for uploading images and the second stores the images as an image host.

In the Home controller of the second website, I've declared:

[HttpPost]
public ActionResult UploadImages()
{
   //logic...
}

Script in the first website:

$.ajax({
   url: 'https://localhost:44301/Home/UploadImages',
   type: 'POST'
}).done(function (data) {
   //logic...
})

That's great, but: what happens if there is a request to localhost:44301 which is NOT sent by localhost:44300 (another website)?

The UploadImages() method still accepts that request and continues uploading.

I'm thinking about using an account. But how can I log in from one localhost to another localhost? I cannot put the username and password into the ajax call. It's easy for an attacker to read.

I have 2 questions:

Is it good if I use an account in this case? If not, can you give me some tips?

Thank you!

Tân asked May 25 '26 22:05


1 Answer

The actual question is dealing with handling server-to-server authentication between applications, not specifically allowing internal access and rejecting external.

Seeing the discussion above between OP and JB King, what I'd truly recommend is that you use Azure Blob Storage or Amazon S3 storage. Then you can easily read or write the binary data between your applications.

The other alternative is to just use regular Forms Authentication, but you have site1 post the username and password to the login action and get back the auth cookie in the response. You just need to hold onto the auth cookie and pump it into any outbound requests from site1 to site2.


Old answer:

If you want to execute authorization on whether the request is local, you want to implement a custom AuthorizeAttribute.

It would look similar to:

using System.Net;
using System.Web.Mvc;

public class LocalOnlyAuth : AuthorizeAttribute
{
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        // IsLocal is true only when the request comes from the loopback
        // address or from the server's own IP address.
        if (false == filterContext.RequestContext.HttpContext.Request.IsLocal)
        {
            // Short-circuit the action with 403 for any non-local caller.
            filterContext.Result =
               new HttpStatusCodeResult(HttpStatusCode.Forbidden, "Origin is forbidden");
        }
    }
}

and you would apply it:

[LocalOnlyAuth]
public class HomeController : Controller
{
    // actions such as UploadImages() go here
}
Chris Marisic answered May 28 '26 13:05
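
As an added example (not code from the answer above), this sketches the Forms Authentication alternative from the answer as server-side C# on site1, so the credentials never reach browser script: it logs in to site2, keeps the auth cookie, and sends it with the upload. Assumed, not from the page: the `Account/Login` route with `UserName`/`Password` fields and no anti-forgery token, the `Site2User`/`Site2Password` appSettings keys, the `file` field name, the default `.ASPXAUTH` cookie name, and an upload action that never answers with a 302 itself.

```csharp
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Net;
using System.Net.Http;
using System.Threading.Tasks;

public sealed class ImageHostClient : IDisposable
{
    private static readonly Uri Site2 = new Uri("https://localhost:44301/");
    private readonly CookieContainer _cookies = new CookieContainer();
    private readonly HttpClient _http;

    public ImageHostClient()
    {
        // No auto-redirect: Forms Authentication answers an unauthenticated request
        // with a 302 to the login page, which would otherwise look like a 200.
        var handler = new HttpClientHandler { CookieContainer = _cookies, AllowAutoRedirect = false };
        _http = new HttpClient(handler) { BaseAddress = Site2 };
    }

    public async Task LoginAsync()
    {
        // Assumed: appSettings keys and the login action's route and field names.
        var form = new FormUrlEncodedContent(new Dictionary<string, string>
        {
            ["UserName"] = ConfigurationManager.AppSettings["Site2User"],
            ["Password"] = ConfigurationManager.AppSettings["Site2Password"]
        });
        using (var resp = await _http.PostAsync("Account/Login", form)) { }
        // ".ASPXAUTH" is the default Forms Authentication cookie name.
        if (_cookies.GetCookies(Site2)[".ASPXAUTH"] == null)
            throw new UnauthorizedAccessException("site2 login did not issue an auth cookie");
    }

    public async Task<HttpResponseMessage> UploadAsync(byte[] image, string fileName)
    {
        using (var body = new MultipartFormDataContent())
        {
            body.Add(new ByteArrayContent(image), "file", fileName);
            // The handler attaches the stored auth cookie to this request.
            var resp = await _http.PostAsync("Home/UploadImages", body);
            if (resp.StatusCode == HttpStatusCode.Found)
                throw new UnauthorizedAccessException("auth cookie missing or expired");
            return resp.EnsureSuccessStatusCode();
        }
    }
    public void Dispose() => _http.Dispose();
}
```

On site2, the `UploadImages()` action would carry `[Authorize]` so that requests without the cookie are rejected.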