
I have a C# .NET WCF web service on a Windows server with IIS. I need to know if there is a way to tell the web service that it can accept requests only from a specific URL. Example:

ApplicationA calls ApplicationAwebService = should work

ApplicationB calls ApplicationAwebService = should be denied

Right now, they are all on the same server, but I need a solution that works even if they are on different servers (3-tier applications). Thanks.

Captain Kirk
  • And how would you know which application is calling your web service? By client IP Address maybe? – Rick S Feb 21 '17 at 21:15

1 Answer


If you are using WCF, then it's possible to use mutual authentication between services and clients. Mutual authentication not only lets the server accept connections only from legitimate clients, but also lets the clients verify that they are talking to a legitimate server.

Mutual authentication can be achieved through message security (encrypting the data sent between the client and server and vice versa) by using certificates, Kerberos (Windows auth), tokens and a username/password configuration.

Mutual authentication can also be achieved in WCF through role-based authentication, identities, and resource-based authentication.

Reference from msdn: https://msdn.microsoft.com/en-us/library/ff647503.aspx

uzr
  • After reading the information, I'm still not sure it's what I'm looking for. I need the webserviceA to allow only communication with ApplicationA and not ApplicationB. When they are on the same server, everything is already Windows authentication, so they all have access. So ApplicationB could try calling the webserviceA and I need to deny this access. I could use the URL of the allowed application if it could be an option. – Captain Kirk Feb 22 '17 at 13:37
  • Check http://stackoverflow.com/questions/1075618/limit-access-of-asmx-web-service-to-specific-ip-addresses if you are running IIS – uzr Feb 22 '17 at 13:55
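
One way to apply the identity-based approach from the answer to the ApplicationA/ApplicationB case, as an added example that is not code from the question, the answer or MSDN: a custom `ServiceAuthorizationManager` that lets a call through only when the authenticated Windows caller is on an allow list. It assumes the binding already uses Windows authentication and that each application runs under its own account; the account name `CONTOSO\svc-ApplicationA` and the class names are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.ServiceModel;

// Added example: authorize callers by their authenticated Windows identity.
public sealed class CallerAllowListAuthorizationManager : ServiceAuthorizationManager
{
    // Hypothetical account: the identity ApplicationA's app pool runs as.
    // ApplicationB must run under a different account, otherwise the two
    // callers are indistinguishable to the service.
    private static readonly HashSet<string> AllowedCallers =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            @"CONTOSO\svc-ApplicationA"
        };

    // Pure decision function, so the rule can be unit tested without a host.
    public static bool IsAllowed(string authenticatedName, bool isAnonymous)
    {
        // Fail closed: anonymous or unnamed callers are never authorized.
        if (isAnonymous || string.IsNullOrEmpty(authenticatedName))
            return false;
        return AllowedCallers.Contains(authenticatedName);
    }

    // WCF calls this for every incoming message; returning false makes the
    // runtime reject the call with an access-denied fault.
    protected override bool CheckAccessCore(OperationContext operationContext)
    {
        ServiceSecurityContext ctx = operationContext.ServiceSecurityContext;
        if (ctx == null || ctx.PrimaryIdentity == null)
            return false;
        return IsAllowed(ctx.PrimaryIdentity.Name, ctx.IsAnonymous);
    }
}

public static class HostSetup
{
    // Self-hosted wiring; call before host.Open().
    public static void Apply(ServiceHost host)
    {
        host.Authorization.ServiceAuthorizationManager =
            new CallerAllowListAuthorizationManager();
    }
}
```

For an IIS-hosted service the same class is registered in web.config through the `serviceAuthorizationManagerType` attribute of the `<serviceAuthorization>` service behavior instead of `HostSetup.Apply`.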