Currently, I building my website personal (using ASP.NET MVC 3).
I want to provide some services to public by using API, finished building everything, but RESTFul does not contain on Authorization, I read this article:
But I could not use the method with ASP.NET MVC 3!!
I want the following:
1- Send Api-Keys for those who want to use my service
2- verify Domain (owner api-key == OR != owner domain) !!!! Is this possible?
You could make it a requirement that they always send their key in the requests. Then you could subclass the AuthorizeAttribute to check if the key in the request matches something in your datastore. This attribute can then be decorated on your controllers.
You can get the domain making the request using Request.UrlReferrer