| JBlankenship@overnite.com |
I would like to add a level of security to a web service that
would only allow the service to accept request from specified
clients/URLS. An example of this would be a web service that only excepts
requests from www.microsoft.com and www.mycompany.com. I have thought
about using System.Net.WebPermission to build a connectlist of URIs and there permission settings and then
comparing the contents of the connectlist to the url of the calling
client. I was hoping that someone out there give me some advice on this
subject.
Thanks,
Jon
|
|
| |
| |
| ramesh seshadri |
If you are using IIS as your web server, I believe it offers this exact
functionality. have you tried that ?
ramesh
[Original message clipped]
------------------------------------------------------------
Work An Hour for kids, with Asha for Education.
http://www.workanhour.com
_________________________________________________________________
Send and receive Hotmail on your mobile device: http://mobile.msn.com
|
|
| |
|
| |
| Peter Brunone |
Jon,
Have you checked into using web.config for this? I haven't tried it
yet, but that would be my first place to look.
-Peter
-----Original Message-----
From: Click here to reveal e-mail address [mailto:Click here to reveal e-mail address]
Sent: Monday, July 01, 2002 3:11 PM
To: aspngwebservices
Subject: [aspngwebservices] Web Service Security
I would like to add a level of security to a web service that
would only allow the service to accept request from specified clients/URLS.
An example of this would be a web service that only excepts requests from
www.microsoft.com and www.mycompany.com. I have thought about using
System.Net.WebPermission to build a connectlist of URIs and there permission
settings and then comparing the contents of the connectlist to the url of
the calling client. I was hoping that someone out there give me some advice
on this subject.
Thanks,
Jon | [aspngwebservices] member Click here to reveal e-mail address = YOUR ID |
http://www.asplists.com/asplists/aspngwebservices.asp = JOIN/QUIT |
http://www.asplists.com/search = SEARCH Archives
|
|
| |
|
| | |
| | |
| |
| Jeffrey Widmer |
What you want to use is Host Headers in IIS. This will let you specify that only people who type in specific url's, e.g. http://www.microsoft.com, will be allowed to visit your site. If they type in just the IP address the web site will not be found.
Hope this helps,
-Jeff
---------- Original Message ----------------------------------
From: "ramesh seshadri" <Click here to reveal e-mail address>
Reply-To: "aspngwebservices" <Click here to reveal e-mail address>
Date: Tue, 02 Jul 2002 03:04:08 +0000
[Original message clipped]
|
|
| |
|
| | |
| | |
| |
| Jeffrey Widmer |
What about checking the ServerVariables and redirecting if you do not see the domain name that you are interested in?
---------- Original Message ----------------------------------
From: Click here to reveal e-mail address
Reply-To: "aspngwebservices" <Click here to reveal e-mail address>
Date: Tue, 2 Jul 2002 10:03:40 -0500
[Original message clipped]
|
|
| |
|
| |
| Liz |
Use IIS Admin, click on the virtual directory, open properties, click on
Directory Security, edit IP Address and Domain Name restrictions and do what
you need to do ... you can also set these values programatically with ADSI
if you're so inclined ... you can do this at any level in the hierarchy you
need ... and that includes putting constraints on your .aspx, .asmx or .dll
files AT the file level ...
Using web.config may be a better alternative ... I don't know .. have not
taken the time just yet to figure out how web.config and IIS metabase-based
security interact with each other ...
<Click here to reveal e-mail address> wrote in message news:677456@aspngwebservices...
[Original message clipped]
|
|
| |
|
| | |
