Hi, I have built a webservices, but it can accessed by all poeple. I want to it only used by the IP which I assigned. it's possible can do it on the webservices code. I was using vb
A:
You need to be careful if you use only IP to filter requests as this could be spoofed by a hacker. You should also use authentication if this needs to be secure.
Jason Rowe
2010-01-07 17:34:31
do you kwow how can I do that, because I need it be secure, Can I do it in the webservice.asmx file, because this file is a part of my website, I do not want the restriction affect other pages. thanks for your reply
Dirk
2010-01-07 17:45:22
Take a look at "Improving Web Services Security: Scenarios and Implementation Guidance for WCF". http://msdn.microsoft.com/en-us/library/cc949034.aspx
Jason Rowe
2010-01-07 19:39:29
Thanks for your help, I will look it up
Dirk
2010-01-07 20:10:12
A:
Intercept the request at the IIS level by setting a rule to only allow a speicific IP address to access your service. You can find this under IIS > [Site/Service Name] > Properties > Directory Security Tab > IP addresses and Domain Name restrictions.
George
2010-01-07 17:35:14
To George, Can I do it in the webservice.asmx file without set the IIS, because this file is a part of my website, I do not want the restriction affect other pages. thanks for your reply
Dirk
2010-01-07 17:46:08
A:
You could just run a check in each of your Webmethods that the clients IP is correct but as others have said an IP can be spoofed or subject to change so implementing authentication using WSE3.0 may be a better option.
[WebMethod]
public void DoSomething()
{
if(HttpContext.Current.Request.UserHostAddress == "allowed ip")
{
//Your code here
}
else
{
//Access Denied
}
}
Sheff
2010-01-08 09:26:37