Protect Web Service so that it works only on one Domain or Server in IIS ASP.Net

Last Reply on Jan 09, 2018 02:54 AM By Omie

Posted on Jan 08, 2018 03:58 AM

Hello all,

I am in a very urgent need of this problem,
I have a website with architecture (html + JSON + webservice (C#)) installed on a server which is open to internet.. now my webservices are opened to whole world so anyone can access it and may try to malfunction..

what i wanted to do is i wanted to make my webservice to work limited to my application only instead of other applications.. like website is on open internet but its web services are private to website only not to whole internet..

Right now its a big data security concern..
i would really appreciate a help from you guys.

Posted on Jan 08, 2018 05:23 AM

Add an additional parameter say "SecretCode" to the Web Service methods.

And every client that wants to access your WebService must have to pass the SecretCode.

Then in the Web Service methods, validate whether the supplied Secret Code matches else return an error.

Also you can detect the calling IP Address in the WebMethod then later save it and use it to block from the IIS.

Posted on Jan 09, 2018 02:54 AM
string ip = HttpContext.Current.Request.UserHostAddress.ToString();

Using this we can get ip address of the remote client who is calling our webservice.

Wonderful Suggestion Mudassar and thanks!