Protection of MS CRM Web Services RRS feed

  • Question

  • Hi,

       I noticed that the web services in the AppWebServices and MSCRMWebServices directories are accessible to all users who can authenticate to the web server. Is this required? as users could directly query these web services..


    Is there a way of protecting these web services from direct access by users..



    Monday, December 1, 2008 8:55 PM





    If i remembered correctly, the Web Services directories are only given Read access permission and not Browse access permission, you can check by opening IIS (inetmgr) and check the settings, It should be given Read permission and not else, so that users won't be able to browse the content of that directory.


    The web services content can be seen by users and is like a public address so that users can see. But in order to execute the web service, in example retrieve some data, the user need to supply the correct authentication in order to get the data. If the client is not a dynamics CRM user, it won't be authenticated, hence no data will be returned.




    hadi teo


    Tuesday, December 2, 2008 4:36 AM