Protect Web Service so that it works only on one Domain or Server in IIS ASP.Net

Last Reply one year ago By Omie

Posted one year ago

Hello all,

I am in a very urgent need of this problem,
I have a website with architecture (html + JSON + webservice (C#)) installed on a server which is open to internet.. now my webservices are opened to whole world so anyone can access it and may try to malfunction..

what i wanted to do is i wanted to make my webservice to work limited to my application only instead of other applications.. like website is on open internet but its web services are private to website only not to whole internet..

Right now its a big data security concern..
i would really appreciate a help from you guys.

Posted one year ago

Add an additional parameter say "SecretCode" to the Web Service methods.

And every client that wants to access your WebService must have to pass the SecretCode.

Then in the Web Service methods, validate whether the supplied Secret Code matches else return an error.

Also you can detect the calling IP Address in the WebMethod then later save it and use it to block from the IIS.

Posted one year ago
string ip = HttpContext.Current.Request.UserHostAddress.ToString();

Using this we can get ip address of the remote client who is calling our webservice.

Wonderful Suggestion Mudassar and thanks!