How to provide security to asmx web service to restrict external user?

What I have tried:

I have not tried anything for the above-mentioned issue.
Posted
Updated 2-Aug-16 19:04pm
Comments
ZurdoDev 2-Aug-16 7:16am    
From even calling the web service?

From inside the service just make sure they pass a token and verify it or use IIS authentication.
Member 11774876 2-Aug-16 8:00am    
@RyanDev, the actual problem is that users on our hosted site are saying that the data they are passing is affected by some malicious data. Different data is automatically getting saved in place of the actual result they have passed.

Some of the help I have got says "It's just the security around web service call is not tight enough."

I have added the following section to web.config.

<location path="CompleteService/Methods.asmx" allowOverride="false">
  <system.web>
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
</location>

Would this restrict external users from doing so?
Member 11774876 2-Aug-16 8:04am    
How can I check for token/verify it?

You can manage the resource through .config.
Apply a <location> tag for the resources you want secured. Assuming it's a single ASMX file you can simply do the following in your web.config:
XML
<location path="MyWebService.asmx">
    <system.web>
        <!-- resource specific options will go here -->
    </system.web>
</location>


The second method is as follows:

The simplest approach to securing the resource is to basically say: "don't let anyone who hasn't successfully authenticated in some way into this resource". This is done using the following authorization configuration:

<authorization>
    <deny users="?" />
</authorization>
If you wanted to only allow certain users you could change to do the following instead:

<authorization>
    <!-- Rules are evaluated top to bottom and the first match wins, so allow comes before deny -->
    <allow users="jdoe, msmith" />
    <deny users="*" />
</authorization>
Another approach is to define roles (groups) and simply lock the resource down to a special role which you put the users who you want to access the resource into.

<authorization>
    <!-- allow must precede the catch-all deny; the first matching rule is applied -->
    <allow roles="My Service Users" />
    <deny users="*" />
</authorization>
 
An article has also been posted on Code Project; in brief, go through this article:
WebService Authentication with UsernameToken in WSE 3.0
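
For the token check suggested in the comments (pass a token and verify it inside the service), one common ASMX pattern is a custom SOAP header validated at the top of each web method. The following is an added example, not code from any answer on this page; `AuthHeader`, `SaveResult`, the `ServiceToken` appSettings key and the namespace URI are assumptions.

```csharp
using System;
using System.Configuration;
using System.Text;
using System.Web.Services;
using System.Web.Services.Protocols;

// Hypothetical SOAP header carrying the caller's shared-secret token.
public class AuthHeader : SoapHeader
{
    public string Token;
}

[WebService(Namespace = "http://example.invalid/methods")] // placeholder namespace
public class Methods : WebService
{
    // ASMX fills this field from the <AuthHeader> element of the SOAP envelope.
    public AuthHeader Auth;

    [WebMethod]
    [SoapHeader("Auth", Direction = SoapHeaderDirection.In)]
    public string SaveResult(string data) // hypothetical method
    {
        RequireValidToken();
        // ... validate 'data' and persist it only after the caller is authenticated ...
        return "saved";
    }

    private void RequireValidToken()
    {
        // Assumption: the expected token is stored in <appSettings> under "ServiceToken".
        string expected = ConfigurationManager.AppSettings["ServiceToken"];
        string supplied = (Auth == null) ? null : Auth.Token;

        if (string.IsNullOrEmpty(expected) || string.IsNullOrEmpty(supplied) ||
            !FixedTimeEquals(Encoding.UTF8.GetBytes(expected), Encoding.UTF8.GetBytes(supplied)))
        {
            // Fail closed: a missing header, missing config and a wrong token are all rejected.
            throw new SoapException("Authentication failed.", SoapException.ClientFaultCode);
        }
    }

    // Compare without exiting at the first mismatching byte.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++)
            diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

The token is sent in the SOAP envelope on every call, so the endpoint needs to be served over HTTPS. A shared token identifies the calling application, not the individual user.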
 
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


