
How to give access to WCF web service hosted on IIS only for specific users?

I have a web service which uses Windows Authentication. The web service is hosted on IIS. Is it possible to narrow access to that web service to only a few specific users? My current web config:

<services>
  <service name="LANOS.SplunkSearchService.SplunkSearch">
    <endpoint binding="basicHttpBinding" bindingConfiguration="basicHttp"
      contract="LANOS.SplunkSearchService.ISplunkSearch" />
    <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
  </service>
</services>

<bindings>
  <basicHttpBinding>
    <binding name="basicHttp" allowCookies="true" maxBufferSize="20000000"
      maxBufferPoolSize="20000000" maxReceivedMessageSize="20000000">
      <readerQuotas maxDepth="32" maxStringContentLength="200000000"
        maxArrayLength="200000000" />
      <security mode="TransportCredentialOnly">
        <transport clientCredentialType="Windows" />
      </security>
    </binding>
  </basicHttpBinding>
</bindings>

By the way, I tried a solution similar to this, which I found over the Internet:

    <authentication mode="Windows"/>
    <authorization>
      <allow roles=".\Developers"/>
      <allow users="DOMAIN\ServiceAccount"/>
      <deny users="*"/>
    </authorization>

It does not work, though. :( It lets all domain users pass through.

asked Oct 28 '11 11:10

mike


1 Answer

Wrox's Professional WCF 4 describes a way to set up UserName/Password authentication in Ch. 8. To summarize, you need a custom validator:

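using System.IdentityModel.Selectors;  // UserNamePasswordValidator
using System.IdentityModel.Tokens;     // SecurityTokenValidationException

public class MyCustomUserNamePasswordValidator : UserNamePasswordValidator
{
   // Called by WCF for each UserName credential; throwing rejects the caller.
   public override void Validate(string userName, string password)
   {
     // Reject unless BOTH values match (with && a correct user name alone would pass).
     if (userName != "foo" || password != "bar")
     {
        throw new SecurityTokenValidationException("Invalid user");
     }
   }
}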

After that you need to modify your userNameAuthentication element in the service configuration to "Custom" and define the validator:

 <userNameAuthentication
      userNamePasswordValidationMode="Custom"
      customUserNamePasswordValidatorType="Common.MyCustomUserNamePasswordValidator, Common" />

I hope this helps.

answered Oct 24 '22 05:10

Scott Corbett
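
An added example, not part of the question or the answer above: one way to enforce the allow-list from the question's `<authorization>` block on a Windows-authenticated WCF service is a custom `ServiceAuthorizationManager` that checks the caller's Windows identity. The class name, the namespace and assembly in the registration comment, and the mapping of `.\Developers` to a machine-local group are assumptions; the account and group names are the ones from the question.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.ServiceModel;

// Added example. Register it in the service behavior (type/assembly names are placeholders):
//   <serviceAuthorization
//       serviceAuthorizationManagerType="MyNamespace.AllowListAuthorizationManager, MyAssembly" />
public class AllowListAuthorizationManager : ServiceAuthorizationManager
{
    // Accounts allowed by name (value taken from the question's <allow users=...>).
    private static readonly HashSet<string> AllowedUsers =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { @"DOMAIN\ServiceAccount" };

    // Groups whose members are allowed. Assumption: the question's ".\Developers"
    // is a local group on the server, written here as MACHINE\Developers.
    private static readonly string[] AllowedGroups =
        { Environment.MachineName + @"\Developers" };

    // WCF calls this for every incoming message; returning false denies access.
    protected override bool CheckAccessCore(OperationContext operationContext)
    {
        ServiceSecurityContext context = operationContext.ServiceSecurityContext;

        // Fail closed: no security context or an anonymous caller is rejected.
        if (context == null || context.IsAnonymous)
            return false;

        WindowsIdentity identity = context.WindowsIdentity;
        if (identity == null || !identity.IsAuthenticated)
            return false;

        // Exact account match, e.g. DOMAIN\ServiceAccount.
        if (AllowedUsers.Contains(identity.Name))
            return true;

        // Group membership is resolved from the caller's Windows token.
        var principal = new WindowsPrincipal(identity);
        foreach (string group in AllowedGroups)
        {
            if (principal.IsInRole(group))
                return true;
        }

        return false; // default deny
    }
}
```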