C# access self-hosted WCF landing page from localhost only
Question
I have a self-hosted WCF service, which is available from all computers of the company. This has a standard landing page ("You have created a service. To test this service..."). I want to make sure that this landing page and the WSDL links on it are only accessible from the local server, as the information contained there could potentially be a security risk.
- What is the easiest way to make sure that any URL that is not tied to a service is only accessible from localhost?
Please note that I do not want to change the contents of the landing page, as the WSDL links are useful for developers.
I am interested in solutions that involve modifying the app.config or limiting access via code.
1 answers
solution1
0 2020-02-28 15:46:11
As far as I know you can't selectively grant access to WSDL/Test WCF pages only by config or code. You can disabled it or not.
You could implement some sort of rules at IIS level to prevent access from non local addresses, but would make the question more suitable for Super Admin , probably.
If WSDL and/or service description pages public are secutiry issue, though, maybe you need to rethink your services security. Methods should be secured by authentication/authorization of some sort (usually via tokens). If anyone can post to your method and run code without proper authorization, having the interface description public is the last of your problems.
PS: if needed for devs, you can generate static versions of WSDLs to be served from user/password protected path.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.