I have a service that I access from jQuery on a page, it looks like this:

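using System;
using System.ServiceModel;
using System.ServiceModel.Activation;
using System.ServiceModel.Web;

[ServiceContract(Namespace = "")]
[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)]
public class FacadeService
{
    // ServiceHelper is the poster's own helper class (not shown).
    ServiceHelper serviceHelper = new ServiceHelper();

    // Exposed as an HTTP GET that returns JSON, so it can be called from jQuery.
    [OperationContract]
    [WebGet(ResponseFormat = WebMessageFormat.Json)]
    public String GetAllProducts()
    {
        // Forwards the call to the back-end API and returns its response.
        Uri uri = new Uri("http://localhost:12345/api/Products");

        return serviceHelper.SubmitGetRequestToService(uri);
    }
}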

That's great, but anyone can now open a browser and hit this service. I want only the local website to be able to access this service. Is there any built-in way to do this or must I devise some clever scheme to keep out the riff-raff?

Robert Seder

1 Answer

If you are hosting your service on IIS, probably the simplest way will be to limit service URL access via IIS tools.

If you have to do it with the WCF service itself, you can add your own behavior for IP filtering; see this and this post for example.

But I still think it'll be easier to accomplish it via standard IIS tools.

evgenyl
  • Am I really the first person to run across this? I assumed that since WCF set up this way is specifically for AJAX calls, that it would offer some sort of mechanism to make sure non-AJAX callers can't just connect up to the service and start sucking down data. Inside of the WCF service though, you don't have a "context" from the callers, so I assumed there would be some WCF setting. I can't be the only person in the world to run across this first, right?! :-) – Robert Seder Apr 17 '13 at 03:17
  • I updated the answer - you can write and use your behavior if you have to. – evgenyl Apr 17 '13 at 04:30
  • Thanks, again. I guess I'm not looking for "a" way to do this, I'm looking for the best-practice on this and how this is already solved. – Robert Seder Apr 17 '13 at 11:21
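
The answer above mentions adding a WCF behavior for IP filtering; the following is an added sketch of such a behavior, not code from the original thread or from the posts the answer links to. The class name `IpFilterBehavior` is hypothetical, and the example assumes .NET 4.5 or later and a webHttp endpoint like the one in the question.

```csharp
using System;
using System.Net;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Description;
using System.ServiceModel.Dispatcher;
using System.ServiceModel.Web;

// Hypothetical name. Endpoint behavior that refuses requests from callers
// whose remote address is not on the allow-list.
public class IpFilterBehavior : IEndpointBehavior, IDispatchMessageInspector
{
    private readonly IPAddress[] allowed;

    public IpFilterBehavior(params IPAddress[] allowed)
    {
        this.allowed = allowed;
    }

    // Runs for every incoming message, before the operation is invoked.
    public object AfterReceiveRequest(ref Message request, IClientChannel channel,
                                      InstanceContext instanceContext)
    {
        IPAddress caller = null;
        object prop;
        if (request.Properties.TryGetValue(RemoteEndpointMessageProperty.Name, out prop))
            IPAddress.TryParse(((RemoteEndpointMessageProperty)prop).Address, out caller);

        // A dual-stack listener can report IPv4 peers as ::ffff:a.b.c.d.
        if (caller != null && caller.IsIPv4MappedToIPv6)
            caller = caller.MapToIPv4();

        // Fail closed: an unknown or unlisted address is rejected.
        if (caller == null || Array.IndexOf(allowed, caller) < 0)
            throw new WebFaultException(HttpStatusCode.Forbidden);
        return null;
    }

    public void BeforeSendReply(ref Message reply, object correlationState) { }

    public void ApplyDispatchBehavior(ServiceEndpoint endpoint, EndpointDispatcher dispatcher)
    {
        dispatcher.DispatchRuntime.MessageInspectors.Add(this);
    }

    public void AddBindingParameters(ServiceEndpoint endpoint, BindingParameterCollection p) { }
    public void ApplyClientBehavior(ServiceEndpoint endpoint, ClientRuntime runtime) { }
    public void Validate(ServiceEndpoint endpoint) { }
}
```

It can be attached with `endpoint.Behaviors.Add(new IpFilterBehavior(IPAddress.Loopback, IPAddress.IPv6Loopback))` from the code that builds the service host. The address it checks is that of the machine issuing the HTTP request, so a jQuery call made in a visitor's browser arrives from the visitor's address, not from the web server's.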