Limit access of asmx web service to specific IP addresses

web-services iis asmx ip-address
11,882

In IIS 6.0 Manager, right click on the .asmx file.

Go to the File Security tab, and Click the Edit button in the IP Address and domain name restrictions.

Click the 'Denied Access' radio button, then add your whitelisted ip addresses to the list.

For IIS 7.5, it's a little tricky as the file doesn't show in the navigation panel. You need to go to the Content View tab (in the lower part of the window), right click on your file and choose Switch to Features View. Open IP Address and Domain Restriction, click on Edit Feature Settings and choose to deny unspecified hosts. Now you can add authorizations by clicking on Add Allow Entry.

Share:
11,882
DMCS
Author by

DMCS

Senior Software Developer (Only called "senior" because I keep forgetting stuff) "Damn it Jim. I'm a programmer, not a server admin!"

Updated on June 05, 2022

Comments

  • DMCS
    DMCS about 2 years

    I need to limit access of an .asmx web service to specific IP addresses. I figure I could add a hardcoded check into each method, but that seems like a code maintenance nightmare. Is there a web configuration entry I can make, or a IIS 6 setting I can apply to the .asmx file?

  • Moose
    Moose about 15 years
    I added the IIS way in another answer, but I'll stick with this one.. It keeps your whitelist in web.config where more of your site configuration is, and allows you to be more flexible if you want something fancier than whitelist or blacklist. I think this would be the more elegant solution. Also, the IIS metadata route could get lost if someone changes something down the tree and overwrites it.
  • DMCS
    DMCS about 15 years
    The problem is the code in each of the web service calls that gets bad to maintain and kept in all future additions to the .asmx file by other developers (which, undoubtedly, will forget). The Whitelist in IIS is the best way to keep it simple, so if changes do happen, a whole new codeset doesn't need to be sent thru QA (expensive process in terms of time and resources) and then redeployed (not quite as expensive as QA, but still wastes people's time). So the quickie thing to do is keep them in the IIS 6 whitelist. :)
  • HarryTuttle
    HarryTuttle about 9 years
    Note that IP security is a feature which doesn't come preinstalled on Windows 7/IIS 7.5. You'll have to add it: iis.net/configreference/system.webserver/security/ipsecurity‌​/…
  • Moose
    Moose about 9 years
    Good catch.. I didn't realize you have to add it separately.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Debugging asmx web services
Is there a way to restrict access to an ASMX Webservice, i.e. the asmx page and its WSDL?
SOAP Request Fails when parameter is supplied
How to get client IP address in a one-way ASMX Web Service
what is WCF and how does it work?
ASP.NET Web Method that accepts a List<CustomObject> is failing with "Web Service method name is not valid."
Correct way to authorize an ASMX .NET web service from MVC 4 Project
Stream Large File to Web Service
Invoke a SOAP method with namespace prefixes
The maximum message size quota for incoming messages (65536) has been exceeded in asmx issue