Limiting access to web service

views:

answers:

+1 Q:

Limiting access to web service

Hi, Is there any way to restrict access to my (.NET) web service without modifying the actual web service code and/or the calling app? Basically, I have the web service on one subdomain and would like to be able to call it from different app in another subdomain, both on a same machine.

Regards,

Ondrej

Edit: Important information I forgot to mention. It is hosted by a hosting company so I was hoping there was something like a possibility to limit access in web config. If not I will have to talk to the hosting provider to do one of the things that have been proposed.

+1 A:

You can restrict access in IIS based on IP address of the client...

John Weldon 2009-12-03 23:14:35

+4 A:

Instinctively I would say that if your web service is only supposed to be used locally, it shouldn't be exposed to the web in the first place. Perhaps you could host it on a port that isn't open for external access in the server's firewall?

Since that would effectively alter the URL of the web service though, you would have to change the configuration of the calling app (assuming the WS URL is stored in configuration rather than being hard-coded).

Anders Fjeldstad 2009-12-03 23:27:58

I agree with Anders, restricting the webservice to localhost would be best practice (if that is sufficient), but otherwise you should get your hosting company to restrict access on IIS.

This is a bit less flexible, but I don't think it is possible to restrict ip access based on web.config...

Sune Rievers 2009-12-04 00:14:40

ansaurus

tags:

views:

answers:

Limiting access to web service

related questions