Solved

IIS WebService Login Security?

Posted on 2006-06-26
6
581 Views
Last Modified: 2008-02-01
I like .NET Web Services, but I don't like the actual .asmx page in full view to the world.

So I changed the Authentication Method from the default Anonymous to Integrated...

Now I must include a username, password, domain within the Web Service Client (Windows App)
in order for my clients to access the Web Service...

Problem: I will need to change the IIS password regularly, so the hardcoded (Windows App) password will become uselss.

I hardcode to send authentication to IIS because I cannot get a default IIS Auth Window to popup.

Not sure how to proceed, help???
0
Comment
Question by:kvnsdr
  • 3
  • 3
6 Comments
 
LVL 26

Expert Comment

by:DireOrbAnt
ID: 16989987
Who access the Web service? If it's on a private network, then you could stick the Web service into an IIS root that only allow those IP addresses.
If it's a public service but only a few sites can call it:
1. If you know their IPs, use that to block all requests but those IPs
2. If IP is not reliable, you could pass a U/P to the Web service (using https if that information is sensitive)

If you do either of those, put back Anonymous for your Auth method.
0
 
LVL 1

Author Comment

by:kvnsdr
ID: 16991827
I know everyones IP, so if there where a method to automatically add them to IIS..........
0
 
LVL 26

Expert Comment

by:DireOrbAnt
ID: 16994390
I'm missing a bit of information to help you all the way, but I'll try.
So I'm assuming you are putting your Web services in the same directories as your website.
So www.mysite.com/MyService.asmx right?

If www.mysite.com is also used for other content that's publicly available, then you need to segment the sites:
service.mysite.com and create a Web just for those, or at least stick them in a sub-directory like www.mysite.com/WebServices/MyService.asmx

Then Go to IIS.msc
1. Open up Web sites and then either
a) Right-click your service.mysite.com Web
b) Or Open up www.mysite.com and right-click the WebServices directory
2. Click the Directory Security Tab and under IP address and domain name restrictions click the Edit button
3. Select Denied access instead of Grant access this will deny everyone
4. Then cllick Add and add allowed IPs, this will then Deny all IPs except the ones listed.
5. Ok everything
6. Enjoy :)
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 1

Author Comment

by:kvnsdr
ID: 16996416
I need to find a programmer who might know where to start on adding these IP programmatically.
0
 
LVL 26

Accepted Solution

by:
DireOrbAnt earned 500 total points
ID: 16997804
From http://msdn.microsoft.com/library/default.asp?url=/library/en-us/iissdk/html/ac1cfc44-d09c-4297-accf-ab49880441ca.asp

' Set up variables.
Set IIsWebVirtualDirObj = GetObject("IIS://localhost/W3SVC/1/Root")
Set IIsIPSecurityObj = IIsWebVirtualDirObj.IPSecurity

Dim IPList
IPList = Array()

' If GrantByDefault is True, you can only use IPDeny and DomainDeny.
If True = IIsIPSecurityObj.GrantByDefault Then

  ' Insert a new restriction.
  IPList = IIsIPSecurityObj.IPDeny
  If (-1 = Ubound(IPList)) Then WScript.Echo("Currently no IP Addresses are denied")
  Redim IPList (Ubound(IPList)+1)
  IPList (Ubound(IPList)) = "123.0.0.1,255.255.255.0"

  ' Set the new lists back in the metabase in two stages, and then save  
  ' the metabase.
  IIsIPSecurityObj.IPDeny = IPList
  IIsWebVirtualDirObj.IPSecurity = IIsIPSecurityObj
  IIsWebVirtualDirObj.Setinfo
  WScript.Echo("The IPRestriction has been set")

  ' Display the IP restrictions.
  IIsWebVirtualDirObj.Getinfo
  Set IIsIPSecurityObj = IIsWebVirtualDirObj.IPSecurity
  IPList = IIsIPSecurityObj.IPDeny
  WScript.Echo("These IP addresses are denied:")
  For Each IP In IIsIPSecurityObj.IPDeny  
    WScript.Echo(IP)
  Next

End if

0
 
LVL 1

Author Comment

by:kvnsdr
ID: 17001794
I could not successfully convert your examle to C#, but found another example on The Code Project:

http://www.codeproject.com/csharp/iiswmi.asp


Thank  you for steering me in the correct direction........
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Running classic asp applications under Windows Server 2008 R2 (x64) and IIS 7 is not as easy as one may think. It took me a while to figure it out while getting error 8002801d a few times. After you install the OS you will need to install the fol…
Preparing an email is something we should all take special care with – especially when the email is for somebody you may not know very well. The pressures of everyday working life stacked with a hectic office environment can make this a real challen…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question