All geek questions in one place

WCF Resolution Using IIS and ACL

I am trying to protect some WCF services. I would like to use IIS or Web.config, if possible, all the heavy lifts / configurations. I do not want to embed anything in my code - I thought I knew that it was unsafe. If possible, I would like to achieve this without resorting to AspCompatibilityMode: (

I am using a custom BasicHttp binding with TransportCredential enabled.

It works great. Any valid domain or machine account seems to be checking this service.

My problem: I want users from separate window groups to be able to access my service. I wanted to use ACLs for actual folders to achieve this, but I don't think it is possible.

Thank your help!

Thanks TM

+3
source share
1 answer

In your web.config, try the following:

<authentication mode="Windows" />  
<identity impersonate="false" />
<authorization>
   <allow users="MYDOMAIN\YourGroup" />
   <deny users="*" />
</authorization>

This will block it at the web configuration level. You can also put the ACL in your folder. Note that Windows authentication and impersonate = false means that these are user credentials that are used to access the directory.

+1
source

Source: https://habr.com/ru/post/1766823/

More articles:


All Articles