Solved

IIS WebService Login Security?

Posted on 2006-06-26
6
587 Views
Last Modified: 2008-02-01
I like .NET Web Services, but I don't like the actual .asmx page in full view to the world.

So I changed the Authentication Method from the default Anonymous to Integrated...

Now I must include a username, password, domain within the Web Service Client (Windows App)
in order for my clients to access the Web Service...

Problem: I will need to change the IIS password regularly, so the hardcoded (Windows App) password will become uselss.

I hardcode to send authentication to IIS because I cannot get a default IIS Auth Window to popup.

Not sure how to proceed, help???
0
Comment
Question by:kvnsdr
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 26

Expert Comment

by:DireOrbAnt
ID: 16989987
Who access the Web service? If it's on a private network, then you could stick the Web service into an IIS root that only allow those IP addresses.
If it's a public service but only a few sites can call it:
1. If you know their IPs, use that to block all requests but those IPs
2. If IP is not reliable, you could pass a U/P to the Web service (using https if that information is sensitive)

If you do either of those, put back Anonymous for your Auth method.
0
 
LVL 1

Author Comment

by:kvnsdr
ID: 16991827
I know everyones IP, so if there where a method to automatically add them to IIS..........
0
 
LVL 26

Expert Comment

by:DireOrbAnt
ID: 16994390
I'm missing a bit of information to help you all the way, but I'll try.
So I'm assuming you are putting your Web services in the same directories as your website.
So www.mysite.com/MyService.asmx right?

If www.mysite.com is also used for other content that's publicly available, then you need to segment the sites:
service.mysite.com and create a Web just for those, or at least stick them in a sub-directory like www.mysite.com/WebServices/MyService.asmx

Then Go to IIS.msc
1. Open up Web sites and then either
a) Right-click your service.mysite.com Web
b) Or Open up www.mysite.com and right-click the WebServices directory
2. Click the Directory Security Tab and under IP address and domain name restrictions click the Edit button
3. Select Denied access instead of Grant access this will deny everyone
4. Then cllick Add and add allowed IPs, this will then Deny all IPs except the ones listed.
5. Ok everything
6. Enjoy :)
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 
LVL 1

Author Comment

by:kvnsdr
ID: 16996416
I need to find a programmer who might know where to start on adding these IP programmatically.
0
 
LVL 26

Accepted Solution

by:
DireOrbAnt earned 500 total points
ID: 16997804
From http://msdn.microsoft.com/library/default.asp?url=/library/en-us/iissdk/html/ac1cfc44-d09c-4297-accf-ab49880441ca.asp

' Set up variables.
Set IIsWebVirtualDirObj = GetObject("IIS://localhost/W3SVC/1/Root")
Set IIsIPSecurityObj = IIsWebVirtualDirObj.IPSecurity

Dim IPList
IPList = Array()

' If GrantByDefault is True, you can only use IPDeny and DomainDeny.
If True = IIsIPSecurityObj.GrantByDefault Then

  ' Insert a new restriction.
  IPList = IIsIPSecurityObj.IPDeny
  If (-1 = Ubound(IPList)) Then WScript.Echo("Currently no IP Addresses are denied")
  Redim IPList (Ubound(IPList)+1)
  IPList (Ubound(IPList)) = "123.0.0.1,255.255.255.0"

  ' Set the new lists back in the metabase in two stages, and then save  
  ' the metabase.
  IIsIPSecurityObj.IPDeny = IPList
  IIsWebVirtualDirObj.IPSecurity = IIsIPSecurityObj
  IIsWebVirtualDirObj.Setinfo
  WScript.Echo("The IPRestriction has been set")

  ' Display the IP restrictions.
  IIsWebVirtualDirObj.Getinfo
  Set IIsIPSecurityObj = IIsWebVirtualDirObj.IPSecurity
  IPList = IIsIPSecurityObj.IPDeny
  WScript.Echo("These IP addresses are denied:")
  For Each IP In IIsIPSecurityObj.IPDeny  
    WScript.Echo(IP)
  Next

End if

0
 
LVL 1

Author Comment

by:kvnsdr
ID: 17001794
I could not successfully convert your examle to C#, but found another example on The Code Project:

http://www.codeproject.com/csharp/iiswmi.asp


Thank  you for steering me in the correct direction........
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Today I came across an interesting issue that had me pulling my hair out.  I was troubleshooting a new internal web site which uses integrated security instead of anonymous.  When browsing the site from my laptop, I was able to access it with no iss…
Prologue It is often required to host multiple websites on a single instance of IIS, mostly in development environments instead of on production servers. I am sure it is not much a preferred solution on production servers but this is at least a pos…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question