StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POProviding internet access to my self hosted web api on an internal network. A security threat?
primarykey
Id
18904930
data
AcceptedAnswerId
25052583
AnswerCount
1
ClosedDate
CommentCount
7
CommunityOwnedDate
CreationDate
2013-09-19T21:06:55.303
FavoriteCount
0
LastActivityDate
2014-07-31T06:57:38.923
LastEditDate
LastEditorUserId
0
OwnerUserId
1111239
ParentId
0
PostTypeId
1
Score
2
ViewCount
1266
LastEditorDisplayName
text
Body
Firstly, I'm relatively new to Web API / CORS and security implementation. This question is specifically with regards to security. The Web API houses extremely sensitive data and provides clients with the ability to execute transactions online. The context : <ul> <li>I have a Web API self hosted as a windows service with a fixed port.</li> <li>The Web API is sitting behind a firewall / DMZ on an internal network.</li> <li>The Web API (using CORS) only allows traffic from the external server.</li> <li>The external server hosts our web site using IIS.</li> <li>The Web API is making use of Token authentication (bound to client IP to avoid hi-jacking).</li> <li>Both the external website and internal Web API force the use of SSL.</li> </ul> The problem : The web page makes ajax calls via javascript to the Web API. However, the Web API is not directly exposed to the internet. <ul> <li>What would the security impact be on having the below setup?</li> <li>What sort of vulnerabilities would I be exposing my network too by doing so.</li> <li>Is there a better way of implementing such a setup!?</li> </ul> Eg <ul> <li>User enters <code>https://test.mydomain.com</code> into the browser and is served a page.</li> <li>ajax call gets made to <code>https://test.mydomain.com/api/test/action</code></li> <li>external server routes <code>https://test.mydomain.com/api</code> messages to internal server <code>https://myInternalWebAPI/api/test/action</code> which is not exposed to the public.</li> </ul>
Tags
<ajax><security><asp.net-web-api><forwarding>
Title
Providing internet access to my self hosted web api on an internal network. A security threat?
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. This table or related slice is empty.
UserOwnerUserId
1. USDwayne Hinterlang
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. This table or related slice is empty.
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 POProviding internet access to my self hosted web api on an internal network. A security threat?
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.