My company has asked me to build a web app that will be able to query customer data on the web but also to do a async request to a remote server and query the data on that DB as well and then return both results into one.
I'll be using Umbraco on the web and a Vanilla Asp.Net Web Api service on the remote DB.
What's the best practise for securing requests? Do i create an API key? but how will that be authenticated / authorised on the remote server?
For example, say i have a Member on my Umbraco Instance called Sean Smith, he does a search on the web app for a Jenny Smith.
The web app will do two DB queries, one on the local DB on my web server and another async request on the remote DB which is located in offices on the other side of town (cross origin request).
What's the safest and most secure way that the remote DB / server can verify that Sean Smith is a registered member and that he is allowed access to the remote DB to search for Jenny Smith?
Secure Web Api between two Seperate services
My company has asked me to build a web app that will be able to query customer data on the web but also to do a async request to a remote server and query the data on that DB as well and then return both results into one.
I'll be using Umbraco on the web and a Vanilla Asp.Net Web Api service on the remote DB.
What's the best practise for securing requests? Do i create an API key? but how will that be authenticated / authorised on the remote server?
For example, say i have a Member on my Umbraco Instance called Sean Smith, he does a search on the web app for a Jenny Smith.
The web app will do two DB queries, one on the local DB on my web server and another async request on the remote DB which is located in offices on the other side of town (cross origin request).
What's the safest and most secure way that the remote DB / server can verify that Sean Smith is a registered member and that he is allowed access to the remote DB to search for Jenny Smith?
Any help will be appreciated. Much Love
is working on a reply...