Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

IIS WebService Login Security?

Posted on 2006-06-26
6
Medium Priority
?
592 Views
Last Modified: 2008-02-01
I like .NET Web Services, but I don't like the actual .asmx page in full view to the world.

So I changed the Authentication Method from the default Anonymous to Integrated...

Now I must include a username, password, domain within the Web Service Client (Windows App)
in order for my clients to access the Web Service...

Problem: I will need to change the IIS password regularly, so the hardcoded (Windows App) password will become uselss.

I hardcode to send authentication to IIS because I cannot get a default IIS Auth Window to popup.

Not sure how to proceed, help???
0
Comment
Question by:kvnsdr
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 26

Expert Comment

by:DireOrbAnt
ID: 16989987
Who access the Web service? If it's on a private network, then you could stick the Web service into an IIS root that only allow those IP addresses.
If it's a public service but only a few sites can call it:
1. If you know their IPs, use that to block all requests but those IPs
2. If IP is not reliable, you could pass a U/P to the Web service (using https if that information is sensitive)

If you do either of those, put back Anonymous for your Auth method.
0
 
LVL 1

Author Comment

by:kvnsdr
ID: 16991827
I know everyones IP, so if there where a method to automatically add them to IIS..........
0
 
LVL 26

Expert Comment

by:DireOrbAnt
ID: 16994390
I'm missing a bit of information to help you all the way, but I'll try.
So I'm assuming you are putting your Web services in the same directories as your website.
So www.mysite.com/MyService.asmx right?

If www.mysite.com is also used for other content that's publicly available, then you need to segment the sites:
service.mysite.com and create a Web just for those, or at least stick them in a sub-directory like www.mysite.com/WebServices/MyService.asmx

Then Go to IIS.msc
1. Open up Web sites and then either
a) Right-click your service.mysite.com Web
b) Or Open up www.mysite.com and right-click the WebServices directory
2. Click the Directory Security Tab and under IP address and domain name restrictions click the Edit button
3. Select Denied access instead of Grant access this will deny everyone
4. Then cllick Add and add allowed IPs, this will then Deny all IPs except the ones listed.
5. Ok everything
6. Enjoy :)
0
Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

 
LVL 1

Author Comment

by:kvnsdr
ID: 16996416
I need to find a programmer who might know where to start on adding these IP programmatically.
0
 
LVL 26

Accepted Solution

by:
DireOrbAnt earned 1500 total points
ID: 16997804
From http://msdn.microsoft.com/library/default.asp?url=/library/en-us/iissdk/html/ac1cfc44-d09c-4297-accf-ab49880441ca.asp

' Set up variables.
Set IIsWebVirtualDirObj = GetObject("IIS://localhost/W3SVC/1/Root")
Set IIsIPSecurityObj = IIsWebVirtualDirObj.IPSecurity

Dim IPList
IPList = Array()

' If GrantByDefault is True, you can only use IPDeny and DomainDeny.
If True = IIsIPSecurityObj.GrantByDefault Then

  ' Insert a new restriction.
  IPList = IIsIPSecurityObj.IPDeny
  If (-1 = Ubound(IPList)) Then WScript.Echo("Currently no IP Addresses are denied")
  Redim IPList (Ubound(IPList)+1)
  IPList (Ubound(IPList)) = "123.0.0.1,255.255.255.0"

  ' Set the new lists back in the metabase in two stages, and then save  
  ' the metabase.
  IIsIPSecurityObj.IPDeny = IPList
  IIsWebVirtualDirObj.IPSecurity = IIsIPSecurityObj
  IIsWebVirtualDirObj.Setinfo
  WScript.Echo("The IPRestriction has been set")

  ' Display the IP restrictions.
  IIsWebVirtualDirObj.Getinfo
  Set IIsIPSecurityObj = IIsWebVirtualDirObj.IPSecurity
  IPList = IIsIPSecurityObj.IPDeny
  WScript.Echo("These IP addresses are denied:")
  For Each IP In IIsIPSecurityObj.IPDeny  
    WScript.Echo(IP)
  Next

End if

0
 
LVL 1

Author Comment

by:kvnsdr
ID: 17001794
I could not successfully convert your examle to C#, but found another example on The Code Project:

http://www.codeproject.com/csharp/iiswmi.asp


Thank  you for steering me in the correct direction........
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Ready to improve network connectivity? Watch this webinar to learn how SD-WANs and a one-click instant connect tool can boost provisions, deployment, and management of your cloud connection.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Running classic asp applications under Windows Server 2008 R2 (x64) and IIS 7 is not as easy as one may think. It took me a while to figure it out while getting error 8002801d a few times. After you install the OS you will need to install the fol…
If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
Suggested Courses

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question