Need to expose some user info to a 3rd party web service.
So created a ServicesController using DNN WebApi with the appropriate [HttpGet] method
and marked it with [AllowAnonymous].
It's all fine, but how do I make sure the needed web service is consuming it?
All the available attributes such as [RequireHost], [ValidateAntiForgeryToken], etc.., requires it to be a part of the DNN website.
Are you asking if you want to restrict the WebAPI housed in DNN to be accessible from anything but your own client? I don't think there is any attribute available in DNN to prevent that. You'd need to implement something on your own. You could pass a secret key as one of the parameter, but again it's not that secure, but it will provide some level of protection.
You could further restrict by certain IP, but this needs to be done within your WebAPI Get method itself.