0

I'm having trouble finding any information about this.

In web.config, is it possible to restrict access to just a single method/endpoint in a .svc/controller ? Or must one restrict access to the entire controller?

For example this works, but restricts access to the entire SVC:

<location path="ManagementService.svc">
    <system.webServer>
        <security>
            <ipSecurity configSource="config\ipFilter.config" />
        </security>
    </system.webServer>
</location>

If I have two methods in my SVC, and I want one to NOT be filtered, can I instead write something like:

<location path="ManagementService.svc/DeleteUser">
    <system.webServer>
        <security>
            <ipSecurity configSource="config\ipFilter.config" />
        </security>
    </system.webServer>
</location>

to restrict access only to a single method while leaving the other method reachable?

If the answer is NO it is not possible, what are the best alternatives to achieve this? Just checking IP in the code?

Robert Noack
  • 1,286
  • 14
  • 22
  • possible duplicate of [How do I restrict access to some methods in WCF?](http://stackoverflow.com/questions/11566182/how-do-i-restrict-access-to-some-methods-in-wcf) – jtabuloc Aug 01 '15 at 04:03

1 Answers1

0

Yes it's possible, but to filter by endpoint, you must use IFFilter at behavior level instead system.webServer, that affect all endpoints.

Remove the security tag from system.WebServer and add at behavior, like this:

   <serviceBehaviors>
    <behavior name="Filter1"> 
      <IPFilter filter="192.168.*.* 127.0.0.1" />           
    </behavior>
   </serviceBehaviors>

And, off course, you will need to create a different behavior for each endpoint you want to configure.

By method it's also possible, but you will need to implement in code.

Hope it helps.

Ricardo Pontual
  • 3,749
  • 3
  • 28
  • 43