我如何以编程方式限制对Web服务的访问？ [英] How can I programatically limit access to a Webservice?

问题描述

我正在编写一个传统的ASMX Web服务，使用C＃和.Net 2.0在IIS上进行部署。
webservice将部署在一个共享托管环境中，每个客户端都有自己的应用程序副本，位于一个单独的虚拟目录中（我知道，我知道 - 这是一个遗留应用程序）。每个虚拟目录中都会有一个Webservice的单独副本。

I am writing a traditional ASMX webservice using C# with .Net 2.0 for deployment on IIS. The webservice will be deployed in a shared hosting environment where each client has their own copy of the application sitting in a separate virtual directory (I know, I know - it's a legacy app). There will be an individual copy of the Webservice sitting in each virtual directory.

由于Web服务可能会做一些有力的事情，我希望可以选择限制访问它某些IP地址。在防火墙中执行此操作并不是一个非常好的选择，因为它只是应该受到限制的Web服务而不是网站的其他部分 - 并且它位于每个虚拟目录级别。

As the Webservice could potentially do some powerful things, I would like to optionally limit access to it to certain IP addresses. Doing this in the firewall isn't a very good option as it is only the webservice that should be limited and not the rest of the website - and it is on a per-virtual-directory level.

我可以以编程方式读取请求者的IP地址并将其与列表进行比较，以便我可以拒绝来自其他地址的呼叫吗？这有什么重大缺陷吗？

Can I programmatically read the IP address of the requestor and compare it to a list so I can reject calls from other addressess? Are there any major pitfalls to this?

谢谢

推荐答案

是你可以轻松地做到。

Yes you can do it easily.

[WebMethod]
public bool IsAlive()
{
     string callingAddress = HttpContext.Current.Request.UserHostAddress;
     return (callingAddress == allowedAddress);
}

唯一的缺陷是维护IP地址列表。

The only pitfalls are the maintenance of the list of IP addresses.

还值得注意的是，您可以在IIS中基于每个Web应用程序配置IP地址访问控制。我在不同的时间使用了这两种方法，它实际上只取决于您希望如何维护授权IP地址列表。

It's also worth noting that you can configure IP address access control on a per web application basis from within IIS. I have used both approaches at different times and it really just comes down to how you want to maintain the list of authorised IP addresses.

这篇关于我如何以编程方式限制对Web服务的访问？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！