如何限制/保护asmx Web服务？ [英] How to restrict/secure asmx web service?

问题描述

如何为asmx网络服务提供安全保护以限制外部用户？



我尝试过：



我没有为上述问题尝试过任何事情..

How to provide security to asmx web service to restrict external user?

What I have tried:

I don't have tried anything for above mentioned issue..

推荐答案

你可以通过.config
应用< location>要保护的资源的标记。假设它是一个ASMX文件，您只需在web.config中执行以下操作：

you can manage the resource through .config
Apply a <location> tag for the resources you want secured. Assuming it's a single ASMX file you can simply do the following in your web.config:

<location path="MyWebService.asmx">
    <system.web>
        <!-- resource specific options will go here -->
    </system.web>
</location>

您使用的第二种方法如下： -

Second method you use as follows:-

The simplest approach to securing the resource is to basically say: "don't let anyone who hasn't successfully authenticated in some way into this resource". This is done using the following authorization configuration:

<authorization>
    <deny users="?" />
</authorization>
If you wanted to only allow certain users you could change to do the following instead:

<authorization>
    <deny users="*" />
    <allow users="jdoe, msmith" />
</authorization>
Another approach is to define roles (groups) and simply lock the resource down to a special role which you put the users who you want to access the resource into.

<authorization>
    <deny users="*" />
    <allow roles="My Service Users" />
</authorization>

一篇文章也发布在Code Project上，简要介绍了这篇文章： -

WSE 3.0中使用UsernameToken的WebService身份验证 [ ^ ]

A article also posted on Code Project in a brief go through this article:-
WebService Authentication with UsernameToken in WSE 3.0[^]

这篇关于如何限制/保护asmx Web服务？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！