I have a web app running on Azure with IP & Domain restrictions enabled to Whitelist specific sources. We want to ensure our app is only used by sources we trust.
A new product we are trying to incorporate uses custom HTTP Headers to validate it's requests to us. They do not have an IP range or domain name we can whitelist.
Is it possible to add something to the web.config that would allow these inbound HTTP requests through to my web app if the specified custom header is present?