WebApi protection in Azure Api management
I have deployed my Web API to Azure sites and exposed it through the Azure API Management portal. I want to block access to the azurewebsites URL so that users can only access my API through the Azure API proxy via a security key. Could you please shed some light on how this can be done? I have heard that it is possible to use mutual certificates, but I cannot find any article on the Internet that describes the process of creating such certificates and configuring the Web API to use them effectively. My second question is: is there a mechanism to get the API primary key based on UserName / Password and Product name? What would be the best approach associated with this API access key, if the client application stores it in some config file and it needs to be retrieved programmatically at runtime?
Many thanks
There are several ways to protect your server:
- Use basic authentication
- Use mutual certificate authentication https://azure.microsoft.com/en-us/documentation/articles/api-management-howto-mutual-certificates
- IP whitelist. If you have a Standard or Premium copy, the proxy server IP will remain the same.
- Use OAuth. An example can be found here: https://channel9.msdn.com/Blogs/AzureApiMgmt/Protecting-Web-API-Backend-with-Azure-Active-Directory-and-API-Management

Hope this helps.
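A sketch of the backend half of the mutual-certificate option, added here as an example and not taken from the answer or from Microsoft's article: an ASP.NET Web API message handler that refuses any request not carrying the certificate the API Management proxy presents. It assumes the backend runs on Azure App Service with client certificates enabled for the site, so that the platform forwards the caller's certificate base64-encoded in the `X-ARR-ClientCert` header; the class name and the thumbprint placeholder are hypothetical.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Threading;
using System.Threading.Tasks;

// Added example: only requests presenting the API Management client
// certificate reach the controllers; everything else gets 403.
public class ApimClientCertHandler : DelegatingHandler
{
    // Placeholder (assumption): thumbprint of the certificate uploaded to API Management.
    private const string ExpectedThumbprint = "<APIM-CLIENT-CERT-THUMBPRINT>";

    protected override Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken cancellationToken)
    {
        if (!IsFromApim(request))
        {
            // Direct calls to the azurewebsites URL end here.
            var denied = new HttpResponseMessage(HttpStatusCode.Forbidden) { RequestMessage = request };
            return Task.FromResult(denied);
        }
        return base.SendAsync(request, cancellationToken);
    }

    private static bool IsFromApim(HttpRequestMessage request)
    {
        // App Service terminates TLS at its front end and hands the client
        // certificate to the app in this header.
        if (!request.Headers.TryGetValues("X-ARR-ClientCert", out var values))
            return false;
        var raw = values.FirstOrDefault();
        if (string.IsNullOrEmpty(raw))
            return false;
        try
        {
            var cert = new X509Certificate2(Convert.FromBase64String(raw));
            var now = DateTime.Now; // NotBefore/NotAfter are reported in local time
            return now >= cert.NotBefore && now <= cert.NotAfter
                && string.Equals(cert.Thumbprint, ExpectedThumbprint,
                                 StringComparison.OrdinalIgnoreCase);
        }
        catch (Exception ex) when (ex is FormatException || ex is CryptographicException)
        {
            return false; // header did not contain a parsable certificate
        }
    }
}
```

Register the handler in `WebApiConfig.Register` with `config.MessageHandlers.Add(new ApimClientCertHandler());`. Pinning the thumbprint is what makes a self-signed certificate acceptable here, and the pinned value has to be updated whenever the certificate is rotated.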