Implement EM-to-EM authentication #2

@tupini07

An idea would be to use symmetric key cryptography to sign the outgoing event from the “source EM” and then use the same key to decrypt the event in the target EM.

The key is provided by the user in the appsettings and is manually shared with all the “target EMs”.

There should be a special item in the appsettings config to place the current EM’s key. And each subscriber can potentially be associated with a key (which is manually provided by each of them).

Note that this should also support messages coming from an external service which doesn't use EM. In this case, it might be easier to just use a pre-shared API key, which can be a general setting in the applicationsettings.json of the host. All EMs in a network use the same API key when communicating with each other (sent via a header), and the rest of external services just use this API key manually.

The API key approach is not very secure, but it at least ensures that no entities outside of the network send requests to the EM event reception endpoint.

... Possibly instead of API Key we can call it EM Network Key
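
The following is an added example, not part of the original issue or the project's code. It sketches both paths described above: a per-sender symmetric key used to tag the event body, and a network-wide key sent in a header for services that do not use EM. HMAC-SHA256 as the signing primitive, the header names and all key values are assumptions; the issue does not specify them.

```python
import hashlib
import hmac
import json

# Constructed settings standing in for values read from appsettings.
# Every name and key value below is hypothetical.
SOURCE_EM = {"name": "em-a", "signing_key": b"constructed-key-for-em-a"}
TARGET_EM = {
    "network_key": "constructed-em-network-key",
    "sender_keys": {"em-a": b"constructed-key-for-em-a"},  # shared manually
}


def sign_event(settings, body: bytes) -> dict:
    """Source EM: headers carrying an HMAC-SHA256 tag over the raw body."""
    tag = hmac.new(settings["signing_key"], body, hashlib.sha256).hexdigest()
    return {"X-EM-Sender": settings["name"], "X-EM-Signature": tag}


def authenticate(settings, headers: dict, body: bytes) -> str:
    """Target EM: return 'signed', 'network-key' or 'rejected'."""
    sender = headers.get("X-EM-Sender")
    if sender is not None:
        key = settings["sender_keys"].get(sender)
        if key is None:
            return "rejected"  # no key was shared for this sender
        expected = hmac.new(key, body, hashlib.sha256).hexdigest()
        supplied = headers.get("X-EM-Signature", "")
        # Constant-time comparison: do not leak how much of the tag matched.
        ok = hmac.compare_digest(expected.encode(), supplied.encode())
        return "signed" if ok else "rejected"
    # External service that does not use EM: pre-shared network key only.
    # This proves network membership but does not bind the body.
    supplied = headers.get("X-EM-Network-Key", "")
    if hmac.compare_digest(settings["network_key"].encode(), supplied.encode()):
        return "network-key"
    return "rejected"


if __name__ == "__main__":
    body = json.dumps({"event": "order.created", "id": 1}).encode()  # constructed
    headers = sign_event(SOURCE_EM, body)
    print(authenticate(TARGET_EM, headers, body))
    print(authenticate(TARGET_EM, headers, body.replace(b"1", b"2")))
```

The tag is computed over the exact bytes sent, so the target must verify before parsing or re-serializing the body.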


Labels: enhancement
