c# .net rest asp.net-core

Restrict particular Rest API not to be accessed but deploy the code


I have deployed my .NET Core code in IIS and NGINX. Is there any way that I can restrict users from using a particular API without deploying the code again?

Or, if I have to deploy again, is there any way that I can restrict users so that they cannot use that API?


Solution

  • If I understand your question correctly, you could use a feature flag. .NET has built-in tools that allow you to activate or deactivate a given controller or controller action, and to do so through your application settings without needing to change and deploy any code.

    You can do this the following way:

    Add the service to your app in your Startup, Program, or wherever you configure your services:

    using Microsoft.FeatureManagement;      
    
    builder.Services.AddFeatureManagement();
    

    You can add your feature flags to appsettings.json, so that you can easily change them without touching the code. You must connect your app to your appsettings feature flag configuration:

    using Microsoft.Extensions.Configuration.AzureAppConfiguration;
    
    var builder = WebApplication.CreateBuilder(args);
    
    builder.Configuration.AddAzureAppConfiguration(options =>
        options.Connect(
            builder.Configuration["ConnectionStrings:AppConfig"])
            .UseFeatureFlags());
    

    The above way is easier, I find, using the built-in feature management JSON property, but you can also define your own and access it by way of GetSection, which I will not detail here.

    You should then add it to the application in your middleware:

    builder.Services.AddAzureAppConfiguration();
    
    app.UseAzureAppConfiguration();
    

    And to appsettings.json:

    {
        "FeatureManagement": {
            "FeatureA": true, // Feature flag set to on
            "FeatureB": false // Feature flag set to off
        }
    }
    

    You can also declare some static class to add your settings name for ease of use throughout the application:

    public static class MyFeatureFlags
    {
        public const string FeatureA = "FeatureA";
        public const string FeatureB = "FeatureB";
    }
    

    You can use this inside an action/method to 'hide' a given flow, or use it to disable the controller, or a single action, which I believe is your use case:

    using Microsoft.FeatureManagement.Mvc;
    
    [FeatureGate(MyFeatureFlags.FeatureB)]
    [HttpGet]
    public ActionResult<Something> MyApi()
    {
        ...
    }
    

    As you can see, FeatureB is false, so the action would be disabled. If you want to enable it, just change its value to true in your settings and the API will be readily available for use.

    You can cache these values so that they are updated in a given time span when you choose to change them:

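    // Same builder.Configuration call as above, with a cache interval added
    builder.Configuration.AddAzureAppConfiguration(options =>
        options.Connect(
            builder.Configuration["ConnectionStrings:AppConfig"])
            .UseFeatureFlags(featureFlagOptions =>
            {
                // Flag values are re-read from the store after this interval
                featureFlagOptions.CacheExpirationInterval = TimeSpan.FromMinutes(5);
            }));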
    

    Check this page for reference and more detailed information so that you can adapt this answer to your particular implementation if need be:

    https://learn.microsoft.com/en-us/azure/azure-app-configuration/use-feature-flags-dotnet-core
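
An added example, not part of the answer above: a minimal Program.cs that drives the FeatureGate from the "FeatureManagement" section of appsettings.json alone (no Azure App Configuration) and logs requests that reach the gated route while the flag is off. It assumes the Microsoft.FeatureManagement.AspNetCore package; the ReportsController, its api/reports route and the log message are hypothetical.

```csharp
// Program.cs (added example; controller, route and log text are hypothetical)
using Microsoft.AspNetCore.Mvc;
using Microsoft.FeatureManagement;
using Microsoft.FeatureManagement.Mvc;

var builder = WebApplication.CreateBuilder(args);

// CreateBuilder loads appsettings.json with reload-on-change enabled, and
// AddFeatureManagement reads the "FeatureManagement" section from it.
builder.Services.AddFeatureManagement();
builder.Services.AddControllers();

var app = builder.Build();

// Record calls to the gated route while the flag is off, so continued use of
// a withdrawn API is visible in the application logs.
app.Use(async (context, next) =>
{
    if (context.Request.Path.StartsWithSegments("/api/reports"))
    {
        var features = context.RequestServices.GetRequiredService<IFeatureManager>();
        if (!await features.IsEnabledAsync("FeatureB"))
        {
            // Structured placeholders keep request data out of the message template.
            app.Logger.LogWarning(
                "Request to disabled API: {Method} {Path} from {RemoteIp}",
                context.Request.Method,
                context.Request.Path.Value,
                context.Connection.RemoteIpAddress);
        }
    }
    await next(context); // the FeatureGate below still produces the response
});

app.MapControllers();
app.Run();

[ApiController]
[Route("api/reports")]
[FeatureGate("FeatureB")] // every action answers 404 (the default) while FeatureB is false
public class ReportsController : ControllerBase
{
    [HttpGet]
    public ActionResult<string> Get() => "report data";
}
```

Behind NGINX, RemoteIpAddress is the proxy's address unless forwarded headers are configured in the app.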