Sign in
Microsoft.com
 
Microsoft
 
 
 

locked
Disable GET functionality of WEB API token call RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi guys.

    I developed an application using ASP.NET WEB API 2. The application is completed and in the process of having security review done on it, but one of the requirements is that any GET requests for login must be disabled.

    We are making the call to the token action over POST, but the security team picked up that you can still make the same request with GET and that needs to be removed. I know the token call is one that is built into the whole OAUTH system, but is it possible to configure it so that it will only accept POST requests and block GET?

    Thanks in advance.

    Tuesday, July 21, 2015 11:16 AM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi Dupjacques,

    You are asking questions about ASP.NET Web API, I would recommend you post it on ASP.NET forum for effective response. This forum is to discuss questions about net framework class library.

    Thanks for your understanding.

    Regards,

    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Wednesday, July 22, 2015 3:26 AM