Preventing Cross-Domain access to services with WCF

I have several WCF services in an ASP.NET application. I want to prevent applications from outside of my domain from accessing these services. Is there a configuration setting that allows me to block requests from outside of my domain?

Thank you!


What you want is authentication. Limiting access based on domain is not a secure manner of authentication.


If you don't want to expose services to the Internet, you should not host them on a public server. If you really need this, you should first start to look for a way to secure your services at the network level. For example, I guess ISA Server should be able to block requests to your services.


EDIT: This will prevent all non-authenticated users from getting to your services. If you need users in your domain who aren't authenticated to access the services, let me know and I'll update accordingly.

Are you using authentication in your ASP.NET application?

<system.web>
  ...
  <authentication mode="Forms">
    <forms protection="All" defaultUrl="login.aspx" ... />
  </authentication>
  ...
</system.web>

If so, your .svc files will be inaccessible until your users authenticate. If a non-authenticated user tries to access a .svc file, they will be redirected to your login page.

EDIT(2): Since you need non-authenticated access to the services within your site, one thing you can consider is having a cookie that's sent to the user's machine upon the first visit to the site. The cookie could use a create date and some secret key to create a hash, and you can validate the hash on the server for each request. Requests from other sites wouldn't pass the cookie and your service would manually check to see if that cookie is there or not -- if it's not there, then the request is denied.

If your WCF services have ASP.NET compatibility enabled (true) and AspNetCompatibilityRequirementsMode set to Allowed or Required, you should have access to HttpContext and cookies. Here's more information about ASP.NET compatibility mode.

This may not be the most appropriate solution as I don't know your scenario and requirements. But hopefully this helps.
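
The cookie scheme described in EDIT(2), as an added C# example that is not part of the original answer: the server issues the creation time plus a keyed hash over it, then rejects any request whose cookie is missing, altered or older than a chosen age. The class and method names, the token format and the use of HMAC-SHA256 as the keyed hash are assumptions made for illustration.

```csharp
using System;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;

// Added example: issues and validates a "create date + keyed hash" cookie value.
// SiteToken, Issue and IsValid are hypothetical names, not WCF or ASP.NET APIs.
public static class SiteToken
{
    // Token format (assumed): "<unix-seconds>.<base64 HMAC-SHA256 of unix-seconds>"
    public static string Issue(byte[] key, DateTimeOffset now)
    {
        string created = now.ToUnixTimeSeconds().ToString(CultureInfo.InvariantCulture);
        return created + "." + Sign(key, created);
    }

    public static bool IsValid(byte[] key, string token, DateTimeOffset now, TimeSpan maxAge)
    {
        if (string.IsNullOrEmpty(token)) return false;            // cookie missing
        string[] parts = token.Split('.');
        if (parts.Length != 2) return false;                      // malformed
        long created;
        if (!long.TryParse(parts[0], NumberStyles.None, CultureInfo.InvariantCulture, out created))
            return false;                                         // digits only
        if (!FixedTimeEquals(Sign(key, parts[0]), parts[1])) return false; // forged or altered
        long age = now.ToUnixTimeSeconds() - created;
        return age >= 0 && age <= (long)maxAge.TotalSeconds;      // reject expired or future-dated
    }

    private static string Sign(byte[] key, string data)
    {
        using (var hmac = new HMACSHA256(key))
            return Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(data)));
    }

    // Compare every character so timing does not reveal where the first mismatch is.
    private static bool FixedTimeEquals(string a, string b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

With ASP.NET compatibility enabled, a service operation would pass the cookie value read from HttpContext.Current.Request.Cookies to IsValid and deny the call when it returns false, with the key held in server-side configuration. A valid token shows only that the caller obtained a cookie from the site, not who the caller is.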
