Can I restrict the WCF web service to only calls from a specific domain?

Question

Can I restrict the WCF web service to only calls from a specific domain?

I have a web service that is externally addressed, but I would like it to be only consumed by subscribers from a specific domain?

Is it possible? and, if possible, is it appropriate? And if it is appropriate, how do I implement this?

UPDATE: Unfortunately, I cannot use AD, as it is an external organization that will access this website. So, for example, I just want to say, say, an external organization is yahoo, I only need calls from yahoo in order to be able to access the web service.

+4

security c # .net wcf

Diskdrive Apr 19 '11 at 6:24

source share

2 answers

Using Web.config, you can restrict access to only certain IP addresses, at least because the client always has an IP address, but cannot have an associated DNS name
However, if you mean allowing access for certain AD users, then tons of answers

0

abatishchev Apr 19 '11 at 6:39

source share

Mark hosang · Accepted Answer · 2011-04-19T07:29:18+0000

When you say a domain, do you mean a network domain name or an Internet domain name?

I think you mean the Internet domain name, but if so, then the IP address is the only thing that, I think, you can use as people who work on yahoo do not have IP addresses associated with yahoo. com, for example. There may be many external ips that have been reserved for the entire company for which you could filter.

Another way to ensure that only some people access your external web service is to pass it some kind of access code in the data, but it may be out of scope / immutable.

Can I restrict the WCF web service to only calls from a specific domain?

More articles: