Solved

IIS WebService Login Security?

Posted on 2006-06-26
6
585 Views
Last Modified: 2008-02-01
I like .NET Web Services, but I don't like the actual .asmx page in full view to the world.

So I changed the Authentication Method from the default Anonymous to Integrated...

Now I must include a username, password, domain within the Web Service Client (Windows App)
in order for my clients to access the Web Service...

Problem: I will need to change the IIS password regularly, so the hardcoded (Windows App) password will become uselss.

I hardcode to send authentication to IIS because I cannot get a default IIS Auth Window to popup.

Not sure how to proceed, help???
0
Comment
Question by:kvnsdr
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 26

Expert Comment

by:DireOrbAnt
ID: 16989987
Who access the Web service? If it's on a private network, then you could stick the Web service into an IIS root that only allow those IP addresses.
If it's a public service but only a few sites can call it:
1. If you know their IPs, use that to block all requests but those IPs
2. If IP is not reliable, you could pass a U/P to the Web service (using https if that information is sensitive)

If you do either of those, put back Anonymous for your Auth method.
0
 
LVL 1

Author Comment

by:kvnsdr
ID: 16991827
I know everyones IP, so if there where a method to automatically add them to IIS..........
0
 
LVL 26

Expert Comment

by:DireOrbAnt
ID: 16994390
I'm missing a bit of information to help you all the way, but I'll try.
So I'm assuming you are putting your Web services in the same directories as your website.
So www.mysite.com/MyService.asmx right?

If www.mysite.com is also used for other content that's publicly available, then you need to segment the sites:
service.mysite.com and create a Web just for those, or at least stick them in a sub-directory like www.mysite.com/WebServices/MyService.asmx

Then Go to IIS.msc
1. Open up Web sites and then either
a) Right-click your service.mysite.com Web
b) Or Open up www.mysite.com and right-click the WebServices directory
2. Click the Directory Security Tab and under IP address and domain name restrictions click the Edit button
3. Select Denied access instead of Grant access this will deny everyone
4. Then cllick Add and add allowed IPs, this will then Deny all IPs except the ones listed.
5. Ok everything
6. Enjoy :)
0
Business Impact of IT Communications

What are the business impacts of how well businesses communicate during an IT incident? Targeting, speed, and transparency all matter. Find out more in this infographic.

 
LVL 1

Author Comment

by:kvnsdr
ID: 16996416
I need to find a programmer who might know where to start on adding these IP programmatically.
0
 
LVL 26

Accepted Solution

by:
DireOrbAnt earned 500 total points
ID: 16997804
From http://msdn.microsoft.com/library/default.asp?url=/library/en-us/iissdk/html/ac1cfc44-d09c-4297-accf-ab49880441ca.asp

' Set up variables.
Set IIsWebVirtualDirObj = GetObject("IIS://localhost/W3SVC/1/Root")
Set IIsIPSecurityObj = IIsWebVirtualDirObj.IPSecurity

Dim IPList
IPList = Array()

' If GrantByDefault is True, you can only use IPDeny and DomainDeny.
If True = IIsIPSecurityObj.GrantByDefault Then

  ' Insert a new restriction.
  IPList = IIsIPSecurityObj.IPDeny
  If (-1 = Ubound(IPList)) Then WScript.Echo("Currently no IP Addresses are denied")
  Redim IPList (Ubound(IPList)+1)
  IPList (Ubound(IPList)) = "123.0.0.1,255.255.255.0"

  ' Set the new lists back in the metabase in two stages, and then save  
  ' the metabase.
  IIsIPSecurityObj.IPDeny = IPList
  IIsWebVirtualDirObj.IPSecurity = IIsIPSecurityObj
  IIsWebVirtualDirObj.Setinfo
  WScript.Echo("The IPRestriction has been set")

  ' Display the IP restrictions.
  IIsWebVirtualDirObj.Getinfo
  Set IIsIPSecurityObj = IIsWebVirtualDirObj.IPSecurity
  IPList = IIsIPSecurityObj.IPDeny
  WScript.Echo("These IP addresses are denied:")
  For Each IP In IIsIPSecurityObj.IPDeny  
    WScript.Echo(IP)
  Next

End if

0
 
LVL 1

Author Comment

by:kvnsdr
ID: 17001794
I could not successfully convert your examle to C#, but found another example on The Code Project:

http://www.codeproject.com/csharp/iiswmi.asp


Thank  you for steering me in the correct direction........
0

Featured Post

How Do You Stack Up Against Your Peers?

With today’s modern enterprise so dependent on digital infrastructures, the impact of major incidents has increased dramatically. Grab the report now to gain insight into how your organization ranks against your peers and learn best-in-class strategies to resolve incidents.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Debug Tools to analyse IIS process: This article focus on taking memory dumps from IIS to determine which code is taking more time and to analyse which calls hangs/causes more CPU usage. To take dumps,download the following. Install1: To st…
Preparing an email is something we should all take special care with – especially when the email is for somebody you may not know very well. The pressures of everyday working life stacked with a hectic office environment can make this a real challen…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question