Dhaval Patel

Reputation: 7601

How to implement clientaccesspolicy.xml for a WCF RESTful service

I have implemented a WCF RESTful service, and I have also configured it for cross-domain access, but now my problem is how to secure it.

I am calling that service using AJAX:

$(document).ready(function () {
    $.getJSON("http://localhost:52823/Handler/RequestService/GetPeople", function (data) {
        $("#response").append(JSON.stringify(data));
    });
});

Now, as I am calling it from AJAX, my service link is visible to everyone in the browser, so anyone can call that service and get that data.

So I googled it and found that we can put clientaccesspolicy.xml in the root folder of the server and configure a specific domain. So I tried it using the code below:

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
    <cross-domain-access>
        <policy>
            <allow-from http-request-headers="SOAPAction">
                <domain uri="myipaddress or domainname"/>
            </allow-from>
            <grant-to>
                <resource path="/" include-subpaths="true"/>
            </grant-to>
        </policy>
    </cross-domain-access>
</access-policy>

But it's not working, so can anyone please help me secure the WCF service?

Upvotes: 1

Views: 113

Answers (1)

Igor Tkachenko

Reputation: 1120

If you are hosting your application on IIS, you can just add this to your web.config:

<system.webServer>
  <httpProtocol>
    <customHeaders>
      <add name="Access-Control-Allow-Origin" value="*" />
      <add name="Access-Control-Allow-Methods" value="GET, POST" />
    </customHeaders>
  </httpProtocol>
</system.webServer>

For Access-Control-Allow-Origin you can set your application address: Access-Control-Allow-Origin: http://domain1.com, http://domain2.com

<system.webServer>
  <httpProtocol>
    <customHeaders>
      <add name="Access-Control-Allow-Origin" value="http://domain1.com" />
      <add name="Access-Control-Allow-Methods" value="GET, POST" />
    </customHeaders>
  </httpProtocol>
</system.webServer>

You can also reach the goal by writing a behaviour which adds a specific header to each message. Here is a guide: http://blogs.msdn.com/b/carlosfigueira/archive/2012/05/15/implementing-cors-support-in-wcf.aspx

There is a constant CorsConstants.Origin; you can set your domain instead.

To check whether the response has the required header, you can use Fiddler.

Upvotes: 1
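
A behaviour of the kind the answer describes, as an added example (not code from the answer or from the linked guide): it returns Access-Control-Allow-Origin only when the request's Origin is on a server-side allowlist, which is how more than one domain is supported, since the header carries a single origin. The class names and the allowlist contents are assumptions, and preflight (OPTIONS) requests are not handled.

```csharp
using System;
using System.Collections.Generic;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Description;
using System.ServiceModel.Dispatcher;

// Added example (hypothetical class names): echo Origin only if it is on the allowlist.
public class OriginAllowlistInspector : IDispatchMessageInspector
{
    // Assumed allowlist; the two origins are the answer's sample domains.
    private static readonly HashSet<string> Allowed =
        new HashSet<string>(StringComparer.Ordinal) { "http://domain1.com", "http://domain2.com" };

    public object AfterReceiveRequest(ref Message request, IClientChannel channel,
                                      InstanceContext instanceContext)
    {
        object prop;
        if (!request.Properties.TryGetValue(HttpRequestMessageProperty.Name, out prop))
            return null;
        string origin = ((HttpRequestMessageProperty)prop).Headers["Origin"];
        // Correlation state handed to BeforeSendReply: the origin, or null.
        return origin != null && Allowed.Contains(origin) ? origin : null;
    }

    public void BeforeSendReply(ref Message reply, object correlationState)
    {
        if (reply == null) return; // one-way operations have no reply
        object prop;
        if (!reply.Properties.TryGetValue(HttpResponseMessageProperty.Name, out prop))
            reply.Properties.Add(HttpResponseMessageProperty.Name, prop = new HttpResponseMessageProperty());
        var headers = ((HttpResponseMessageProperty)prop).Headers;
        headers["Vary"] = "Origin"; // caches must not reuse a reply across origins
        var origin = correlationState as string;
        if (origin == null) return; // unknown origin: send no CORS headers
        headers["Access-Control-Allow-Origin"] = origin;
        headers["Access-Control-Allow-Methods"] = "GET, POST";
    }
}

// Attach to the service's REST endpoint through its Behaviors collection.
public class OriginAllowlistBehavior : IEndpointBehavior
{
    public void AddBindingParameters(ServiceEndpoint e, BindingParameterCollection p) { }
    public void ApplyClientBehavior(ServiceEndpoint e, ClientRuntime r) { }
    public void Validate(ServiceEndpoint e) { }
    public void ApplyDispatchBehavior(ServiceEndpoint e, EndpointDispatcher d)
    { d.DispatchRuntime.MessageInspectors.Add(new OriginAllowlistInspector()); }
}
```

If this inspector is used, remove the static Access-Control-Allow-Origin entry from web.config so the header is not sent twice. These headers only control which pages' scripts may read the response in a browser; they do not authenticate the caller, so a non-browser client can still request the URL.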
