What is the proper virtual directory access permission level required for a SOAP web service?

Question

When setting up a new virtual directory for hosting a SOAP web service in IIS 6.0 on a Server 2003 box I am required to set the access permissions for the virtual directory. The various permissions are to allow/disallow the following:

• Read
• Run scripts (such as ASP)
• Execute (such as ISAPI or CGI)
• Write
• Browse

The SOAP web service is being published through the SOAP3.0 ISAPI server with the extensions set to "Allowed" in the Web Service Extensions pane of the IIS Manager.

Since I don't want to expose the contents of this directory to the web I know Browse is not desirable. But, I don't know if I need to have the Run scripts, Execute, and Write permissions enabled to properly publish this web service. The web service is being used to send and receive XML data sets between the server and remote clients. What is the correct level of access permission for my SOAP web service's virtual directory?

Answer 1

you'll need read, run scripts at a minimum.

Answer 2

@Darren, Upon further examination, I've come to the conclusion that one assumption I had about needing Read permissions was incorrect. SOAP web services only need the "Run scripts" permission enabled because the .wsdl apparently comes from the web service in the form of a script execution response. So the minimum required for a SOAP3.0 web service's directory is Run scripts; thanks for your input on this!