For the longest time, I've been applying IP whitelisting to an entire website in IIS. But lately, I've been wanting to just apply it to a specific asmx file in the site, while keeping the rest unrestricted. After doing some research, it seems that this can be simply done in IIS 6.0 by right-clicking on the asmx file and choosing File Security.
But with Windows 2012 Server and its built-in IIS 8.5, it gets a little more complicated. First, you have to install the IP Security feature from Server Manager if it is not yet installed:
From my experience with Softlayer, their bare metal installation somehow does not have this feature pre-installed. But with my Cloud Server, all Web Server options were pre-installed. From IIS Manager, go to Content View; right-click the asmx file you want to protect and select Switch to Features View. Then open IP Address and Domain Restriction.
Visit this for more information:
One can also specify the IP restriction by hand via web.config as shown here: