I have a WCF service project where I've implemented custom basic authentication by following the guidelines here, and all is working great! However, I can't find if there is a way to deny unauthenticated users access to only specific endpoints.
In my project, I have about 5 endpoints and only want users to be authenticated against a couple of them. The others, I want to allow anonymous access to.
My web.config (snippet) is as such:
<system.web>
<customErrors mode="Off"/>
<authentication mode="None"/>
<compilation debug="true" targetFramework="4.0">
<assemblies>
<add assembly="System.Data.Entity, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
</assemblies>
</compilation>
<httpModules>
<add name="CustomBasicAuthentication" type="WebServices.Auth.CustomBasicAuthenticationModule, WebServices"/>
</httpModules>
<authorization>
<deny users="?"/>
</authorization>
<membership defaultProvider="defaultProvider">
<providers>
<add name="defaultProvider" type="WebServices.Auth.WSMembershipProvider, WebServices"/>
</providers>
</membership>
</system.web>
The endpoints are fairly plain as such:
<service name="WebServices.Distance" behaviorConfiguration="defaultBehavior">
<endpoint address="" binding="webHttpBinding" bindingConfiguration="defaultBinding" contract="WebServices.IDistance" behaviorConfiguration="rest" />
</service>
.... more endpoints below here ....
So instead of hitting all endpoints, can I say to deny unauthenticated users for endpoint #1 (or by name, or whatever).
I hope this makes some sense. If not, feel free to snark. :)