Is there a way to only expose a certain web method in a .Net Web Service to a particular user/group?

I have a web service that has multiple web methods. Is there a way to expose only one of these web methods to a certain group or person?

As of right now, I use Windows authentication and user groups for authorization. This just allows complete access to the web service.

<authentication mode="Windows"/>
<authorization>
    <allow users="*" roles="domain\groupName"/>
    <deny users="*"/>
</authorization>

Is there a way to add another group in the roles attribute that would allow access to only "MyMethod" and not the other web method开发者_开发问答s that exist in the web service?

Any help is greatly appreciated!

Have a look at the Role-based Authorization Options in WCF section in the article Authentication, Authorization, and Identities in WCF. The Declarative Authorization section seems to be what you are looking for.

I don't think you can define authentication by method, but you can define it by directory or page. So perhaps if you rearrange your methods into discrete services.

Here is an example of how to authenticate by page/directory

<configuration>
   <location path="Logon.aspx">
      <system.web>
         <authorization>
            <allow users="*" roles="domain\groupName"/>              
            <deny users="*"/>  
         </authorization>
      </system.web>
   </location>
</configuration>

And here is a link to the source article which might help you. http://msdn.microsoft.com/en-us/library/b6x6shw7.aspx