The next step is to make sure we secure these APIs through some type of authentication (token over basic preferred) and authorization once identified.
Security Level Up:
Add an endpoint to your API like “admin” that is never called by any of your in-house programs, but when it is called, it gathers as much information about the caller so you can see who’s snooping around your network.
Also wrap the whole thing in a IP rate limiter that triggers based on 401 responses so that if someone tries to brute force they get put in time out. Exponential one too
whoa… you have all the dotnet stuff correct for the version? There’s a list of things we had to upgrade. We also went to Windows Server 2019. Is that the same?
Got it to work, moved the sql bit out of the bpm into a function passing the function a string for cmdText. Added an assembly for System.Data.SqClient and it worked… why BPMs no longer work I have no idea