i want to develop layer with web api which will co exist in our asp.net web application. from various part of our web apps we will call web api function from server side code and client side jquery code. now the question is how we can provide security as a result only our web application can send request to our web api if other people try to use our web api then they may not be able.
i can send a encrypted security/token key along with all request for web api but the problem is our jquery code is open and anyone can see and understand to which web api url we are sending request. so anyone can send request to that url with encrypted security/token key after copying it.
i am looking for best guide line by which we can provide security for our web api.
also discuss if we host our web api separately instead of putting in our web project then how many ways we can provide security to our web api as a result out sider can not send request to our web api.
looking all possible ways by which we can put security in our web api when web api is hosted in our web project or separately in iis. looking for discussion in details. thanks