Disable GET functionality of WEB API token call

  • Question

  • Hi guys.

    I developed an application using ASP.NET WEB API 2. The application is completed and in the process of having a security review done on it, but one of the requirements is that any GET requests for login must be disabled.

    We are making the call to the token action over POST, but the security team picked up that you can still make the same request with GET and that needs to be removed. I know the token call is one that is built into the whole OAUTH system, but is it possible to configure it so that it will only accept POST requests and block GET?

    Thanks in advance.

    Tuesday, July 21, 2015 11:16 AM
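
One way to enforce the POST-only requirement described in the question, as an added example that is not part of the original thread or any project's own code. It assumes the token endpoint is served by the OWIN/Katana pipeline and that its path is `/Token`; the class and method names `TokenEndpointHardening` and `UsePostOnlyTokenEndpoint` are hypothetical.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.Owin;
using Owin;

// Hypothetical helper (not from the thread): rejects every non-POST request
// aimed at the OAuth token endpoint before the OAuth middleware can see it.
public static class TokenEndpointHardening
{
    public static IAppBuilder UsePostOnlyTokenEndpoint(this IAppBuilder app, PathString tokenPath)
    {
        return app.Use(async (context, next) =>
        {
            // Matches the token path itself and anything beneath it.
            bool isTokenCall = context.Request.Path.StartsWithSegments(tokenPath);

            // HTTP method names are case-sensitive, so compare ordinally.
            bool isPost = string.Equals(context.Request.Method, "POST", StringComparison.Ordinal);

            if (isTokenCall && !isPost)
            {
                // 405 Method Not Allowed, with the Allow header naming the permitted method.
                context.Response.StatusCode = 405;
                context.Response.Headers.Set("Allow", "POST");
                return; // short-circuit: later middleware never runs
            }

            await next();
        });
    }
}

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        // Assumption: "/Token" is the value of TokenEndpointPath in the
        // application's OAuthAuthorizationServerOptions.
        // Register this BEFORE the OAuth authorization server middleware,
        // otherwise that middleware handles the request first.
        app.UsePostOnlyTokenEndpoint(new PathString("/Token"));

        // ... existing OAuth and Web API registration follows here ...
    }
}
```

If browser clients call the token endpoint cross-origin, note that this filter also rejects the CORS preflight `OPTIONS` request, so that case needs an explicit allowance.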

All replies

  • Hi Dupjacques,

    You are asking questions about ASP.NET Web API, so I would recommend you post it on the ASP.NET forum for an effective response. This forum is to discuss questions about the .NET Framework class library.

    Thanks for your understanding.

    Regards,



    Wednesday, July 22, 2015 3:26 AM