How do I disable access to ASP.NET Core 8 web API identity methods?
I have an ASP.NET Core 8 web API. I have disabled Swagger documentation in production, but the endpoints shown below are still available for use. For example, I can still use the register endpoint in Postman even though I can't see the Swagger documentation.
The only endpoints that I need in production are login and refresh. Users do not create their own accounts or manage passwords. I don't see these endpoints in the code like the endpoints I have added in controllers. How can I prevent access to these endpoints in my production site?
Somewhere in your code, you make a call to MapIdentityApi, which adds all identity endpoints and is not configurable. See the source code
You should get rid of your call to MapIdentityApi and copy the login and refresh endpoints from the source code mentioned above to your own controller or minimal api.
- Redis cache in .NET 8 is not taking effect?
- Use React Authentication with .NET backend?
- List users with roles in a razor page using asp.net 6.0 Identity
- Correct handling of formless AJAX POST and AntiForgery in C# Razor Pages
- how to load partial view in ajax in asp.net core
- Entity Framework Core multiple connection strings on same DBContext?
- error A value of type 'int' cannot be used as a default parameter because there are no standard conversions to type
- What is this string inside Blazor components HTML tag
- Blazor Server: Breadcrumb change using JavaScript persists across pages
- .net blazor new debug profile lacks .css .js why?
- How to get results from a Postgresql function using EF Core?
- ASP Net identity two factor authentication last expired token is getting validated successfully
- Why string property must be declared as nullable string in Entity Framework Core when corresponding database table column is nullable
- HTTP Error 500.30 - ASP.NET Core app failed to start(abp-commercial)
- How to Configure Swagger to Display Different Model Classes Based on Content Type in .NET API
- How to register multiple implementations of the same interface with different dependencies
- How to remove UserName field from asp.net core 3 Identity
- Difference between BadRequestResult and BadRequestObjectResult
- Where do custom metrics I did not set come from
- How to force Visual Studio to re-create the SSL certificate for a .NET Core Web Application running Kestrel?
- How to map a user attribute to a standard OIDC claim in keycloak
- How to mock service injected by HttpContext.RequestServices.GetService<> in derived controller?
- ASP. NET Core 8: Error HTTP 500 and returnurl=%2F in the URL
- Asp Core, How to use PagingList<T>.CreateAsync() with a viewModel?
- Why is Application Insights showing no events
- ASP.NET Core - error 404.15 after adding authorization services
- Why am I getting this Content Policy error?
- SignalR hub connection StateChanged not working client
- Why is this API considered having ambiguous method/path combination when the names and routes are different?
- How to use "TypedHttpClientFactory" with "AddHttpMessageHandler"?