Steven Combs

Reputation: 1939

How do I create a public endpoint and a local endpoint that only I can access with WCF?

So I have created my public WCF service, and it is accessible, and it works. However, I noticed upon retrieving the available methods in the wsdl that there are methods available to the public that I don't want to be accessible.

Example:

public interface IJobs { 
    List<Jobs> GetAllJobs(); //Good
}

public interface IJobManagement {
    void AddNewJob(Jobs job); //Bad
}

Config

<services>
  <service name="Services.Data.PublishService" >
    <clear/>
    <endpoint address="JobsHttp" binding="basicHttpBinding" contract="Services.Data.IJobs" ></endpoint>
    <endpoint address="JobsTCP" binding="netTcpBinding" contract="Services.Data.IJobManagement" />
    <endpoint binding="mexHttpBinding" name="httpmex" contract="IMetadataExchange"></endpoint>
    <endpoint binding="mexTcpBinding" name="mex" contract="IMetadataExchange"></endpoint>
    <host>
      <baseAddresses>
        <add baseAddress="http://localhost:9000/"/>
        <add baseAddress="net.tcp://localhost:9001"/>
      </baseAddresses>
    </host>
  </service>
</services>

I thought that maybe creating a new endpoint would solve my problem but in this configuration it did nothing and I see why. I am just trying to figure out how to take IJobManagement out of the picture to the public, and make it only accessible on the local network.

This is my service class and my methods exist in there.

public class PublishService : IJobs, IJobManagement { /* Methods are in here. */ }

EDIT

And to further describe, when a new job is added I have another WCF service that will push to this WCF service and modify the List<Jobs>.

Upvotes: 2

Views: 503

Answers (1)

George Johnston

Reputation: 32258

You can restrict access at the method level by implementing principal-based security, where only users in specific groups are allowed to access certain methods.

For instance, MSDN demonstrates that only users in the role "CalculatorClients" can access this method by annotating the method Add with a PrincipalPermission:

[PrincipalPermission(SecurityAction.Demand, Role = "CalculatorClients")]
public double Add(double a, double b)
{
    return a + b;
}

You can also restrict methods based on client certificates, by specifying the subject name and the certificate's thumbprint, as MSDN also demonstrates:

[PrincipalPermission(SecurityAction.Demand,
    Name = "CN=ReplaceWithSubjectName; 123456712345677E8E230FDE624F841B1CE9D41E")]
public double Multiply(double a, double b)
{
    return a * b;
}

To respond to your question about restricting by a local account, another option is to limit by account names, e.g.

[PrincipalPermission(SecurityAction.Demand, Name="SomeAccountName")]

However, those local accounts should still be in a group which you could apply in the previous examples. Limiting by an actual name is very restrictive and static to your application's development.

See the full article on MSDN.

Upvotes: 1
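Putting the two halves together, here is an added example (not the poster's code and not the MSDN sample) that hosts the question's IJobs contract on the anonymous basicHttpBinding endpoint and IJobManagement on a Windows-authenticated netTcpBinding endpoint, with the PrincipalPermission demand from the answer on AddNewJob. The group name "JobManagers" is an assumption; any existing local or domain group works. Note that service metadata describes every endpoint of the host, so it is the demand (and the firewall in front of port 9001), not the WSDL, that keeps AddNewJob out of reach of public callers.

```csharp
// Added example: self-hosted WCF service with a public read-only contract and a
// management contract guarded by Windows authentication plus a role demand.
using System;
using System.Collections.Generic;
using System.Runtime.Serialization;
using System.Security.Permissions;
using System.ServiceModel;
using System.ServiceModel.Description;

namespace Services.Data
{
    [DataContract]
    public class Jobs { [DataMember] public string Name { get; set; } }

    [ServiceContract]
    public interface IJobs
    {
        [OperationContract]
        List<Jobs> GetAllJobs();
    }

    [ServiceContract]
    public interface IJobManagement
    {
        [OperationContract]
        void AddNewJob(Jobs job);
    }

    [ServiceBehavior(InstanceContextMode = InstanceContextMode.Single)]
    public class PublishService : IJobs, IJobManagement
    {
        private readonly List<Jobs> _jobs = new List<Jobs>();
        private readonly object _lock = new object();

        public List<Jobs> GetAllJobs()
        {
            lock (_lock) return new List<Jobs>(_jobs);
        }

        // The demand is checked against the Windows identity the net.tcp transport
        // authenticated. A caller outside the group gets a SecurityAccessDeniedException
        // (surfaced as a fault) and the method body never runs.
        // "JobManagers" is an assumed group name; it must exist on the host.
        [PrincipalPermission(SecurityAction.Demand, Role = "JobManagers")]
        public void AddNewJob(Jobs job)
        {
            lock (_lock) _jobs.Add(job);
        }
    }

    class Program
    {
        static void Main()
        {
            var host = new ServiceHost(typeof(PublishService),
                new Uri("http://localhost:9000/"),
                new Uri("net.tcp://localhost:9001/"));

            // Public, anonymous, read-only contract.
            host.AddServiceEndpoint(typeof(IJobs), new BasicHttpBinding(), "JobsHttp");

            // Management contract: transport security with Windows credentials.
            var tcp = new NetTcpBinding(SecurityMode.Transport);
            tcp.Security.Transport.ClientCredentialType = TcpClientCredentialType.Windows;
            host.AddServiceEndpoint(typeof(IJobManagement), tcp, "JobsTCP");

            // Map the authenticated Windows identity onto Thread.CurrentPrincipal so that
            // [PrincipalPermission] can evaluate group membership (this is the default
            // mode, set explicitly here for clarity).
            host.Authorization.PrincipalPermissionMode = PrincipalPermissionMode.UseWindowsGroups;

            // Metadata over HTTP only. It will still list both endpoints, which is why
            // authorization on the operation, not hiding the WSDL, is the control.
            host.Description.Behaviors.Add(new ServiceMetadataBehavior { HttpGetEnabled = true });

            host.Open();
            Console.WriteLine("Service running; press Enter to stop.");
            Console.ReadLine();
            host.Close();
        }
    }
}
```

A client of the net.tcp endpoint must run under an account in the group; with NetTcpBinding's Windows transport security the client proxy sends its process identity automatically, so no credentials are placed in code. If the management endpoint is meant to be reachable only from the local network, additionally bind the net.tcp base address to an interface that is not routed from the internet, or block port 9001 at the perimeter; the role demand then acts as the second layer.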
