You have multiple microservices.All microservices are deployed in Azure. Microservices are exposed to outside through Azure APIM. How we can secure our microservices here.
HI Utpal,You Can do below things to secure API in apart from Azure API Managment Security1) Enable Cors2)JWT Authentication/Any Other Token managment2) URI Refererer Attribute In Controller/Method Level if Somebody bypass Authentication
Here The Filer will ensure APi should not call directly except from below urls
public class APIRefererAuthorizeAttribute : TypeFilterAttribute{ string[] origins = null; public APIRefererAuthorizeAttribute() : base(typeof(ApiAuthorizeFilter)) {
origins=new string[] { "https://localhost:5500/", "https://xyz.com" }; Arguments = new object[] { origins };}
origins=new string[] { "https://localhost:5500/", "https://xyz.com" };
Arguments = new object[] { origins };
}
For Azure API Managment Level Security , please refer below articleshttps://learn.microsoft.com/en-us/azure/api-management/mitigate-owasp-api-threats
https://dev.to/koheikawata/azure-api-management-authentication-part1-1198