I typically ask my questions over on StackOverflow; however, this one I know would immediately get voted down as requiring someone to give their opinion, heaven forbid! I'm hoping the folks over here are a little more forgiving in this area.
I am converting a really old ColdFusion app over to .NET. This version is a stepping stone to where I'd like it to be, i.e. Angular, etc. I've created all of the database interactions as .NET MVC Web API while using client-side code (jQuery AJAX) for the front end. Ideally we should be using an SSO to secure access to the API, but that won't be implemented for at least another year. In the meantime, this app needs to go live yesterday, and I realize it would not be smart to leave open the ability to insert records into the database by someone able to guess or discover the URL to my API.
I'd like to start simple and get more complex and secure as time permits. The reality is time is short and I can only learn so fast. There must be (maybe an old-school way) a simple way to implement a token or similar method such that a) only MY web app can submit to the API and/or b) only the authenticated user can connect to the API. Suggestions?