I’m trying to restrict access to a service so it can only be called via a MQ, not HTTP. I’ve decorated the Request DTO with [Restrict(RequestAttributes.MessageQueue)]
to try to achieve this but it doesn’t prevent HTTP access.
Having had a browse around the source code I found the ToAllowedFlagsSet
method and found that:
RequestAttributes.MessageQueue.ToAllowedFlagsSet()
has a value of MessageQueue | Any
I believe this is because RequestAttributes.Any
doesn’t include RequestAttributes.AnyEndpoint
If this is not a bug, is there a different way of preventing HTTP access to a service.