Skip to main content

Securing a .NET Core Web API hosted in Azure involves several best practices.

Securing a .NET Core Web API hosted in Azure involves several best practices. Here are some key recommendations along with code examples to help you implement them:

1. Use HTTPS

Ensure all communications are encrypted by enforcing HTTPS.

public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    app.UseHttpsRedirection();
    // other middleware
}

2. Authentication and Authorization

Use OAuth 2.0 and JWT (JSON Web Tokens) for secure authentication and authorization.

Register the API with Azure AD

  1. Register your application in the Azure portal.
  2. Configure the API permissions.

Configure JWT Authentication

public void ConfigureServices(IServiceCollection services)
{
    services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
        .AddJwtBearer(options =>
        {
            options.Authority = "https://login.microsoftonline.com/{tenant}";
            options.Audience = "api://{client-id}";
        });

    services.AddAuthorization();
    services.AddControllers();
}

3. Data Protection

Use Azure Key Vault to manage and protect sensitive information like connection strings and API keys.

public void ConfigureServices(IServiceCollection services)
{
    var keyVaultEndpoint = new Uri(Environment.GetEnvironmentVariable("KEYVAULT_ENDPOINT"));
    services.AddAzureKeyVault(keyVaultEndpoint, new DefaultAzureCredential());
}

4. Input Validation

Always validate and sanitize user inputs to prevent SQL injection and other attacks.

[HttpPost]
public IActionResult Create([FromBody] UserModel user)
{
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }
    // Process the user data
}

5. Rate Limiting and Throttling

Implement rate limiting to protect your API from abuse.

public void ConfigureServices(IServiceCollection services)
{
    services.AddMemoryCache();
    services.AddInMemoryRateLimiting();
    services.Configure<IpRateLimitOptions>(options =>
    {
        options.GeneralRules = new List<RateLimitRule>
        {
            new RateLimitRule
            {
                Endpoint = "*",
                Limit = 1000,
                Period = "1h"
            }
        };
    });
}

6. Logging and Monitoring

Use Azure Monitor and Application Insights for logging and monitoring.

public void ConfigureServices(IServiceCollection services)
{
    services.AddApplicationInsightsTelemetry(Configuration["ApplicationInsights:InstrumentationKey"]);
}

7. Regular Updates

Keep your .NET Core and NuGet packages up to date to ensure you have the latest security patches.

Additional Resources

For more detailed guidance, you can refer to the Microsoft documentation on securing .NET Core applications12.

Implementing these practices will help you build a secure and robust .NET Core Web API hosted in Azure. If you have any specific questions or need further assistance, feel free to ask!

Comments

Popular posts from this blog

Azure key vault with .net framework 4.8

Azure Key Vault  With .Net Framework 4.8 I was asked to migrate asp.net MVC 5 web application to Azure and I were looking for the key vault integrations and access all the secrete out from there. Azure Key Vault Config Builder Configuration builders for ASP.NET  are new in .NET Framework >=4.7.1 and .NET Core >=2.0 and allow for pulling settings from one or many sources. Config builders support a number of different sources like user secrets, environment variables and Azure Key Vault and also you can create your own config builder, to pull in configuration from your own configuration management system. Here I am going to demo Key Vault integrations with Asp.net MVC(download .net framework 4.8). You will find that it's magical, without code, changes how your app can read secretes from the key vault. Just you have to do the few configurations in your web config file. Prerequisite: Following resource are required to run/complete this demo · ...

How to Make a Custom URL Shortener Using C# and .Net Core 3.1

C# and .Net Core 3.1:  Make a Custom URL Shortener Since a Random URL needs to be random and the intent is to generate short URLs that do not span more than 7 - 15 characters, the real thing is to make these short URLs random in real life too and not just a string that is used in the URLs Here is a simple clean approach to develop custom solutions Prerequisite:  Following are used in the demo.  VS CODE/VISUAL STUDIO 2019 or any Create one .Net Core Console Applications Install-Package Microsoft.AspNetCore -Version 2.2.0 Add a class file named ShortLink.cs and put this code: here we are creating two extension methods. public   static   class   ShortLink {      public   static   string   GetUrlChunk ( this   long   key ) =>            WebEncoders . Base64UrlEncode ( BitConverter . GetBytes ( key ));      public   static   long   GetK...

Azure Logic Apps Send Email Using Send Grid Step by Step Example

Azure Logic Apps Send Email Using Send Grid Step by Step     Step 1- Create Send Grid Account Create a SendGrid Account  https://sendgrid.com/ Login and Generate Sendgrid Key and keep it safe that will be used further to send emails You can use Free service. it's enough for the demo purpose Step 2- Logic App Design Login to  https://portal.azure.com Go to Resources and Create Logic App Named "EmailDemo" Go To Newly Created Rosoure Named "EmailDemo" and Select a Trigger "Recurrence", You can choose according to your needs like HTTP, etc. Note* Without trigger you can not insert new steps or Actions Click on Change Connection and add Send Grid Key  Click on Create and Save Button on the Top. As we have recurrence so it will trigger according to our setup(every 3 months) so just for the test click on "RUN" button  Finally, you should get an email like below one: