How do I disable access to ASP.NET Core 8 web API identity methods?
I have an ASP.NET Core 8 web API. I have disabled Swagger documentation in production, but the endpoints shown below are still available for use. For example, I can still use the register endpoint in Postman even though I can't see the Swagger documentation.
The only endpoints that I need in production are login and refresh. Users do not create their own accounts or manage passwords. I don't see these endpoints in the code like the endpoints I have added in controllers. How can I prevent access to these endpoints in my production site?
Somewhere in your code, you make a call to MapIdentityApi, which adds all identity endpoints and is not configurable. See the source code
You should get rid of your call to MapIdentityApi and copy the login and refresh endpoints from the source code mentioned above to your own controller or minimal api.
- Mock IMemoryCache with Moq throwing exception
- Issues authenticating ASP.NET Core via Oracle Oauth when site is behid WAF/Gateway
- Duplicate 'System.Reflection.AssemblyInformationalVersionAttribute' attribute
- Don't show the success message by using toastr.js after deleting the category with the sweetalert2.js, just showing the error: toastr is not defined
- This Page isn't working Localhost redirected too many times MVC
- Command line to install/upgrade .NET Core
- What is the right way to get data from related tables using an entity and business models separately in ASP.NET Core Web API?
- Correlation failed in net.core / asp.net identity / openid connect
- API result not deserializing as expected
- Why has Newtonsoft [JsonIgnore] stopped working in asp core mvc
- How do I disable access to ASP.NET Core 8 web API identity methods?
- Minimal API or AccountController for Login with ASP.NET Core Identity?
- .NET 8 & Blazor components nullable warning with @ref
- How to retrieve a list of Memory Cache keys in asp.net core?
- How to resolve "Source not found" Error in Package Mapping Context in .NET
- Is it okay to check user claims in AuthorizationHandler only if a route parameter requires users to be authorized?
- How to fix network error in react-native when access localhost API
- How to use new UseExceptionHandler and Error page in Blazor net8.0
- Can you set OutputCache Tag dynamically in .NET 8?
- ASP.NET Core Development Certificates - error exporting the HTTPS developer certificate
- During deserialization using System.Text.Json, I get an error "Each parameter in the deserialization constructor must bind to an object property"
- How to use Hangfire with dependency injection in ASP.NET Core?
- ASP.NET Core 8.0 MVC & Identity : error when mocking, System.NotSupportedException: The default UI requires a user store with email support
- Run ajax call after close modal form ASP.NET Core
- How to update the model when using database first approach
- How to get transient DbContext in ASP.NET MVC Core?
- How to pre-populate a 'date' input field with Razor/C# values
- Minimal API in .NET 6 using multiple files
- Endpoints in Program.cs work but not in Controller
- Carter modules are not registered in ASP.NET Core app