Add identy check route leveraging API key and requestor IP for access
Opened this issue · 0 comments
samatstariongroup commented
Prerequisites
- I have written a descriptive issue title
- I have verified that I am running the latest version of the COMET Web Services
- I have searched open and closed issues to ensure it has not already been reported
Description
Add a dedicated route that allows an identidy provider to authenticate a user agains the COMET database.
- implement GET request that uses username/password to validate user and return user info, including roles and permissions
- Implement GET request to assert whehter a user with a specific username exists, this will only return true or false and will not authenticate that user. This route needs to be rate limited (rate limitation needs to be configurable)
- protect route using an API keu
- only allow specific ip address to make the request
use policy based authentication to inplement - https://www.blogofpi.com/policy-based-authorization-in-asp-net-core/
this route will be used by external identity providers to perform authentication
- COMET Web Services version: net6/net7 version