stackoom
  简体   繁体   中英

IIS How to block http request from browser

 原文  2016-11-08 21:31:09       wcf/ http/ iis

Question

In Windows domain, Sliver-light out-of-browser app(used by many user) consuming a couple of WCF services hosted on IIS. Now users know WCF service endpoints, they might able to execute methods without Sliver-light App. So is that possible IIS can identify http request from browser or Sliver-light out-of-browser App then block all requests from browser but only allow http request from Sliver-light app?add IP Security on IIS not an option as that will block user use Sliver-light app, and add PrincipalPermission attribute on WCF not an option as well because need too many domain user group and WCF methos need to handle.

1 answers

solution1
 0 ACCPTED  2016-11-10 00:10:15

The problem resolved by implement Url re-write module in IIS. just use this module add a rule which only allow http request header HTTP-REFERER field include sliver-light .xap file. REFERER in header always has same value which is .xap file.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question IIS removes Authorization header from the http request, when the request is from outside my LAN How to access any method using http request in wcf serice which is hosted on IIS? How do you make an HTTP request to a WCF Service Application hosted with IIS? How to intercept WCF request in IIS IIS hosted WCF Service return HTTP 400 Bad Request Forward request from IIS based on custom logic How to make a http GET request FROM a WCF web service How to get the soap or http request object from a wcf class Pushing data from the server to browser via http Run wcf service from IIS 7.5 with HTTPS instead of HTTP
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM