none
IIS 10 - Authorization issue RRS feed

  • Question

  • Hi, I have web services built and hosted on IIS 10, Windows server 2016.

    These web services currently have open Authorization. If it goes live to Production this web service is accessible to everyone.

    So, how can I set and Deny access to only certain users to access this web service. Please advise


    Reason101

    • Moved by CoolDadTx Wednesday, February 19, 2020 9:19 PM ASP.NET related
    Wednesday, February 19, 2020 6:07 AM

All replies

  • So, how can I set and Deny access to only certain users to access this web service

    The Web service itself should be doing autentication and not IIS itself. 

    https://www.codemag.com/Article/0307071/.NET-Web-Services-Security

    You can further discuss this at the below forums.

    https://forums.asp.net/25.aspx/1?Security

    https://forums.asp.net/28.aspx/1?WCF+ASMX+and+other+Web+Services

    https://forums.asp.net/

    Wednesday, February 19, 2020 7:59 AM
  • My question how I can restrict the permissions on the Web site Level on IIS.

    Editing of web.config does not work, when I deny the access of "All Users" and allow the access for admins. I tried also using IIS "Authorization Rules". This does not work also, when I change the default rule from "ALLOW to All Users" to  "DENY to All Users",  and create a new rule "ALLOW to Domain Admins". The existing authenticated users on the AD Domain can still access the site.

    As you know, there is also another rule named ".NET Authorization Rules". The default setting ist "ALLOW to All Users" (inherited). If I set this to 'DENY' still can access.

    Stuck on the security issue. Can anyone please advise any other way of having this Authorization/Security set ?

    Reason101

    Wednesday, February 19, 2020 6:19 PM
  • The forum addresses C# issues.  You can post to the IIS forums for help. Myself I don't look at IIS as a security solution that would slow IIS down as it blocked or allowed inbound traffic, which is the job of a standalone firewall solution.

    https://forums.iis.net/

    Wednesday, February 19, 2020 8:44 PM