Solved

IIS WebService Login Security?

Posted on 2006-06-26
6
578 Views
Last Modified: 2008-02-01
I like .NET Web Services, but I don't like the actual .asmx page in full view to the world.

So I changed the Authentication Method from the default Anonymous to Integrated...

Now I must include a username, password, domain within the Web Service Client (Windows App)
in order for my clients to access the Web Service...

Problem: I will need to change the IIS password regularly, so the hardcoded (Windows App) password will become uselss.

I hardcode to send authentication to IIS because I cannot get a default IIS Auth Window to popup.

Not sure how to proceed, help???
0
Comment
Question by:kvnsdr
  • 3
  • 3
6 Comments
 
LVL 26

Expert Comment

by:DireOrbAnt
ID: 16989987
Who access the Web service? If it's on a private network, then you could stick the Web service into an IIS root that only allow those IP addresses.
If it's a public service but only a few sites can call it:
1. If you know their IPs, use that to block all requests but those IPs
2. If IP is not reliable, you could pass a U/P to the Web service (using https if that information is sensitive)

If you do either of those, put back Anonymous for your Auth method.
0
 
LVL 1

Author Comment

by:kvnsdr
ID: 16991827
I know everyones IP, so if there where a method to automatically add them to IIS..........
0
 
LVL 26

Expert Comment

by:DireOrbAnt
ID: 16994390
I'm missing a bit of information to help you all the way, but I'll try.
So I'm assuming you are putting your Web services in the same directories as your website.
So www.mysite.com/MyService.asmx right?

If www.mysite.com is also used for other content that's publicly available, then you need to segment the sites:
service.mysite.com and create a Web just for those, or at least stick them in a sub-directory like www.mysite.com/WebServices/MyService.asmx

Then Go to IIS.msc
1. Open up Web sites and then either
a) Right-click your service.mysite.com Web
b) Or Open up www.mysite.com and right-click the WebServices directory
2. Click the Directory Security Tab and under IP address and domain name restrictions click the Edit button
3. Select Denied access instead of Grant access this will deny everyone
4. Then cllick Add and add allowed IPs, this will then Deny all IPs except the ones listed.
5. Ok everything
6. Enjoy :)
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 1

Author Comment

by:kvnsdr
ID: 16996416
I need to find a programmer who might know where to start on adding these IP programmatically.
0
 
LVL 26

Accepted Solution

by:
DireOrbAnt earned 500 total points
ID: 16997804
From http://msdn.microsoft.com/library/default.asp?url=/library/en-us/iissdk/html/ac1cfc44-d09c-4297-accf-ab49880441ca.asp

' Set up variables.
Set IIsWebVirtualDirObj = GetObject("IIS://localhost/W3SVC/1/Root")
Set IIsIPSecurityObj = IIsWebVirtualDirObj.IPSecurity

Dim IPList
IPList = Array()

' If GrantByDefault is True, you can only use IPDeny and DomainDeny.
If True = IIsIPSecurityObj.GrantByDefault Then

  ' Insert a new restriction.
  IPList = IIsIPSecurityObj.IPDeny
  If (-1 = Ubound(IPList)) Then WScript.Echo("Currently no IP Addresses are denied")
  Redim IPList (Ubound(IPList)+1)
  IPList (Ubound(IPList)) = "123.0.0.1,255.255.255.0"

  ' Set the new lists back in the metabase in two stages, and then save  
  ' the metabase.
  IIsIPSecurityObj.IPDeny = IPList
  IIsWebVirtualDirObj.IPSecurity = IIsIPSecurityObj
  IIsWebVirtualDirObj.Setinfo
  WScript.Echo("The IPRestriction has been set")

  ' Display the IP restrictions.
  IIsWebVirtualDirObj.Getinfo
  Set IIsIPSecurityObj = IIsWebVirtualDirObj.IPSecurity
  IPList = IIsIPSecurityObj.IPDeny
  WScript.Echo("These IP addresses are denied:")
  For Each IP In IIsIPSecurityObj.IPDeny  
    WScript.Echo(IP)
  Next

End if

0
 
LVL 1

Author Comment

by:kvnsdr
ID: 17001794
I could not successfully convert your examle to C#, but found another example on The Code Project:

http://www.codeproject.com/csharp/iiswmi.asp


Thank  you for steering me in the correct direction........
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
2 websites hosted on premise 6 43
Http hosting redirect issue 2 43
Log on FTP From Local Machine 6 50
Is it possible to host a website on a windows vps 4 55
What is an ISAPI filter?   •      It's an assembly (.dll file) that can add or change the way IIS works.   •      They can be enabled globally for your web server or on a site-by-site basis.   When the IIS server receives a request, enabling the ISAPI fi…
If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question