Elsa v3: Secure Http trigger APIs (paths) for workflow execution #4499
abhjitsantra
started this conversation in
Design & tech
Replies: 1 comment
-
Hi @abhjitsantra , In order to protect HTTP Endpoint workflows, you need to do two things:
For step 1, you can configure the desired strategy as follows from Program.cs: services.AddElsa(elsa =>
{
elsa.UseHttp(http =>
{
http.HttpEndpointAuthorizationHandler = sp => sp.GetRequiredService<AuthenticationBasedHttpEndpointAuthorizationHandler>();
});
} |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I have setup ELSA server to use default authentication. I have not enabled admin API key and admin credentials. When I try to invoke APIs e.g.
/workflow-definitions
, it expects a valid Bearer token or API key to be sent as part of theAuthorization
header of the request, otherwise it returns 401 error response. If I try to trigger a workflow via http trigger, I can do that without anyAuthorization
header and it succeeds. Not sure if it happens inlocalhost
env only.Beta Was this translation helpful? Give feedback.
All reactions