0

How to configure that a web service only be called by one specific web application? Both ones are in the same IIS server. Framework: 2.0

I think that setting web.config of web service would be enough. On this example, I'm setting web.config of web service. Web service will be called only by one IP address (127.0.0.1 is IP of IIS Server):

<location path="resources"> <system.webServer> <security> <ipSecurity allowUnlisted="false"> <clear/> <add ipAddress="127.0.0.1"/> </ipSecurity> </security> </system.webServer> </location>

Would it be ok?

Improve this question
0

1 Answer 1

Reset to default
1

If it's only being called by one specific application on the same server, a Web Service may not be the right choice. It would make more sense for the code to be within a class in the same app. Web services are best suited for situations where multiple apps need to access the same functions.

That said, with IPV6 coming, the option you thought of won't work. If you're really just trying to limit requests to apps that come from the same sever, in you can put the following in code to check to see if it's coming from the local server:

if(Request.IsLocal) { //code here }

For simplicity's sake, you can put the following in Application_BeginRequest in the global.asax file for the web services:

if(!Request.IsLocal) { throw new Exception("Only local requests are allowed"); }

This will effectively fend off anything not coming from localhost.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.