none
How to restrict access to WCF service hosted on IIS? RRS feed

  • Question

  • I have a WCF service hosted on IIS. I want to restrict access to the service. This is in intranet.

    I want to use Windows authentication. I have disabled the Anonymous access to the web site that is hosting the service. I enabled Windows authentication. I edited the permissions for the web site to allow access to only certain users.

    I was able to configure the service and client with windows authentication. I am able to authorize the client for an operation using [PrincipalPermission(SecurityAction.Demand, Role = "SomeRole")] attribute.

    What's happening is:

    If I am not using [PrincipalPermission] attribute then other domain users are able to call the web service operation and execute.

    Can we restrict the access to the service?

    Like when someone requests the URL, http://svr1/Test/TestSvc.svc, throw an error.

    Thanks for the help.

    Thursday, April 4, 2013 7:58 PM

Answers

All replies

  • <system.web>
     
                <authentication mode="Windows"/>
     
                <authorization>
     
                       
             <allow users="DOMAIN\ServiceAccount"/>
     
                      <deny users="*"/>
     
                </authorization>
     
          </system.web>
    


    Apriori algorithm [association rule]

    Thursday, April 4, 2013 9:30 PM
  • Sukumar,  Thanks for the reply.

    Your solution did not work. I have a simple html file in the hosting site. The security is working for that file but not for the service file.

    I don't know if we can restrict/deny access to a service.

    Friday, April 5, 2013 9:42 AM
  • The simple solution would be restrict access to the service by enabling "IP Address and Domain restrictions " on IIS. 

    Choose the web application that is hosting the service on IIS, on right hand side "IP Address and Domain Restrictions" can be utilised to add authenticated user's IP address. So that other domain users can not access the service. Refer below image.

    Note that an alternative solution is implementing the same in the service. Refer 

    http://www.codeproject.com/Articles/37280/WCF-Service-Behavior-Example-IPFilter-Allow-Deny-A


    Apriori algorithm [association rule]

    Monday, April 8, 2013 10:45 AM