I have a project where users will be calling my contract from the web. I want to ensure they call the contract with exactly the parameters I give them. My strategy was to hash the combo of parameters, sign the hash with my webserver's private key and validate both the hash and signature in the contract.
This is essentially the authentication scheme described here: https://security.stackexchange.com/questions/82716/whats-to-stop-someone-from-just-mitming-a-checksum
What I can't figure out is how to validate the signature on-chain. Based on other discussions here, it seems like this is not possible because it costs too much gas. How do people normally handle this?