0

How do I configure my webservice to allow only one specific local user access? Anyone consuming the webservice then would need to pass this users credentials.

I'm thinking I need to disable anon, forms windows authentication then in .net authorization rules in iis remove the allow all users record and add in the local user I've created.

Will that suffice?

Edit: At the moment my web.config is

<authorization>
     <allow users="LocalWebServiceUser" /> 
    <deny users="*" />
</authorization>

There is no authentication element at the moment so its taking the default

user48408
  • 3,234
  • 11
  • 39
  • 59
  • ASMX is a legacy technology, and should not be used for new development. WCF or ASP.NET Web API should be used for all new development of web service clients and servers. One hint: Microsoft has retired the [ASMX Forum](http://social.msdn.microsoft.com/Forums/en-US/asmxandxml/threads) on MSDN. – John Saunders Jan 28 '14 at 13:02
  • I understand that but I'm redeploying an old application, cheers – user48408 Jan 28 '14 at 13:03
  • How does the service currently perform authentication? In fact, are you sure that the service supports authentication at all? – John Saunders Jan 28 '14 at 13:09
  • The IIS server was completely wiped. I wasn't the developer who previously deployed it. I just know the requirements. That those consuming need to pass credentials of this local user. All other users should be denied – user48408 Jan 28 '14 at 13:18
  • Don't you have the web.config? What does it say about authentication? – John Saunders Jan 28 '14 at 13:24
  • I've updated the original question, thanks – user48408 Jan 28 '14 at 13:34
  • So, you have an old service, but you want to do authentication in a new way? Do you have the freedom to change the consumers of the service? Because if they don't currently send credentials, then they'll need to change. It sounds like your question is really "how do I perform authentication in an ASMX service?" – John Saunders Jan 28 '14 at 13:38
  • John, I've no control over the consumers of the webservice. It just needs to work how it previously worked but because the the IIS server was flattened the other day I can't see how it was performing authenticaiton. The users of the webservice currently send credentials. I can't go back and forth with them all day so only want to make the webservice available once I'm confident I've got the correct setup – user48408 Jan 28 '14 at 13:44
  • I don't think that there is anything else you need to do. You have the web.config and you have the service as it used to be, and the consumers as they used to be. Do you think that you also need some sort of IIS settings? You probably do not. Do the consumers currently work? You say you want to restrict usage to a single user. Can that user access the service now? Can other users? Are you certain that the other users were previously unable to access the service? You may already have achieved everything that was there before. – John Saunders Jan 28 '14 at 13:58
  • John, thanks for your help. You were right the configuration seemed fine, the problem turned out to be with the ssl certificate – user48408 Jan 28 '14 at 18:32

0 Answers0