0

I am using ASP.NET web services. For the purposes of this question lets say I have 2 web methods:

    [WebMethod]
    public string Checkmeplese() {
        return "Hello World";
    }
    [WebMethod]
    public string CheckSomethingElse()
    {
        return "Check Something Else String";
    }

and that I am using the latest version of IIS.

If I place my web services on a publicly accessible server then I can access it with no problem, but so can everyone else.

I want to build a frontend which will use the web service but I don't want other people to be able to access it.

How can I do that only my project will be able to access the web service, or at least IP?

Stephen Kennedy
  • 20,585
  • 22
  • 95
  • 108
FreeZomi
  • 13
  • 4
  • This may be for you: http://stackoverflow.com/a/1076026/492258 – asdf_enel_hak Dec 21 '14 at 11:33
  • First of all you need to decide on what basis you want to restrict access: is it by the IP address of the caller, by username and password, or something else? What is the front end and who will be using the front end? – Stephen Kennedy Dec 21 '14 at 11:33
  • The both will be on the same pc, and i will have a website talking to the webservice. – FreeZomi Dec 21 '14 at 11:36

2 Answers2

0

If I understand your problem then you have following scenario.

Your web application and Web service hosted in IIS. Your web application use web service and you want only your web application can have access to web service. You have to identify following thing.

  1. If your web service is not accessed from client side script and only accessed from code behind of web application then host your web service as localhost instead of ip address or * binding in IIS. This allow your web service to accessible from Web application when it request as localhost.

  2. If your web service need to accessed from client side then you have to restrict ( This case include many thing). Username and password protection , token based mechanism , Cross site request posting so you have to decide what you have to with. Even You restrict with IP address.

dotnetstep
  • 17,065
  • 5
  • 54
  • 72
0

Use can use built-in ASP.NET filtering:

<system.webServer>
    <security>
        <ipSecurity allowUnlisted="false">                
            <clear/>
            <add ipAddress="a.b.c.d" allowed="true"/>
        </ipSecurity>
    </security>
</system.webServer>
Ricardo Peres
  • 13,724
  • 5
  • 57
  • 74