AnsweredAssumed Answered

Secure my Create User service API

Question asked by jamilnour on Jul 1, 2019

Hello,

 

I have created a CreateUser webscript service to offer to new users the auto creation of an account to our ACS based solution.

For security reason I added a Captcha support verification.

 

Now I have to use this same service as an API call from another server (Wix) to create new users. So it is not possible now to use the Captcha support for this call.

 

My question is how to secure this call from Wix to our server and keep the auto creation of the users working?

 

My concern is because I can't add authentication method to this service because it is public and can be called without authentication to register new users

<authentication runas="admin">none</authentication>

And I can't use a Client Authentication to secure the communication between Wix and our public ACS server to accept calls only from Wix

 

Thank you

Jamil

Outcomes