开发者

Restrict client application to consume wcf service on only one endpoint

I have developed a wcf service having two contracts Contract1 and Contract2 exposed on two different endpoints. When i am going to add reference to my client application it allows me to consume both contracts.

How i restrict client application to consume only one contract?

here is my web.config's code

<system.serviceModel>
    <services>
        <service behaviorConfiguration="MyWCFService.Service1Behavior"
         name="MyWCFService.Service1">
            <host>
                <baseAddresses>
                    <add baseAddress="http://localhost:1010/Service1.svc"/>
                </baseAddresses>
            </host>

            <endpoint address="/MyService1" binding="wsHttpBinding" contract="MyWCFService.IService1" />                
            <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
            <endpoint address="/MyService2" binding="wsHttpBinding" contract="MyWCFService.IService2" />

        </service>
    </services>
    <behaviors>
        <serviceBehaviors>
            <behavior name="MyWCFService.Service1Behavior">
                <!-- 开发者_开发技巧To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
                <serviceMetadata httpGetEnabled="true"/>
                <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
                <serviceDebug includeExceptionDetailInFaults="false"/>
            </behavior>
        </serviceBehaviors>
    </behaviors>
</system.serviceModel>

Thanks in advance.


why not break single webservice endpoint with 2 contracts into two webservice endpoints on different addresses and 1 contract per each and use only one in your client application.

Its unclear why your design requires 2 contracts on 1 endpoint , only allowing client to use 1 contract.

Or add some security, maybe some fairly basic stuff like add password field to method signatures in contract you want to restrain access to.


I can think of two ways -

  1. First way would be using firewall to block the second service URL. It would help if you choose different base address (perhaps port or host header). Yet another variation would be to host the second web service in different application/web-site and block it from external access. Separating service also make sense from separating your metadata (mex) end points - as current shared end point would publish WSDL for both services - does not make sense to publish metadata for second web service (over public end point) if you don't wish it to consume by others.

  2. Second way would rely on web service security - essentially, make your second web service with credentials that are not published to external parties.


IIS provides limited filtering services based on IP.

Windows networking provides limited filtering services based on IP.

A firewall will provide any filtering you need.


I have done the below solution..

  1. Create 2 interfaces for service contract .. Let's say IService1 and IService2.

  2. Implement these 2 interfaces to the service class. Lets name it as service1

  3. Create a derived service class from Service1. Just a blank derived class.

  4. Create two different service element in app.config

  5. in 1st service, create the end point with some address and binding and provide IService1 as contract. It will have it's own base address

  6. in 2nd service create the end point with some different address and binding and provide IService2 as contract. It will have it's own base address which will be different.

Now share any of the address to the client as per your choice.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜