Monday, July 27, 2015

IP Whitelisting a Specific .NET Web Service asmx file

For the longest time, I've been applying IP whitelisting to an entire website in IIS.  But lately, I've been wanting to just apply it to a specific asmx file in the site, while keeping the rest unrestricted.  After doing some research, it seems that this can be simply done in IIS 6.0 by right-clicking on the asmx file and choosing File Security.

But with Windows 2012 Server and its built-in IIS 8.5, it gets a little more complicated.  First, you have to install the IP Security feature from Server Manager if it is not yet installed:

http://www.iis.net/configreference/system.webserver/security/ipsecurity/add

From my experience with SoftLayer, their bare metal installation somehow does not have this feature pre-installed.  But with my Cloud Server, all Web Server options were pre-installed.

From IIS Manager, go to Content View; right-click the asmx file you want to protect and select Switch to Features View.  Then open IP Address and Domain Restrictions.

Visit this for more information:

http://stackoverflow.com/questions/1075618/limit-access-of-asmx-web-service-to-specific-ip-addresses

One can also specify the IP restriction by hand via web.config as shown here:

http://serverfault.com/questions/653672/how-to-ip-restrict-access-to-a-website-in-iis8-5-windows-2012r2
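
A web.config sketch of the per-file restriction described above, added here as an example and not taken from the original post or the linked answers. The file name `Service.asmx` and the addresses (reserved documentation ranges) are placeholders to replace with your own.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!--
  Site-level web.config. The <location> element scopes the rule to one file,
  so the rest of the site stays unrestricted.

  The ipSecurity section is locked at the server level by default. If IIS
  returns a 500.19 configuration error, unlock it once from an elevated prompt:
    %windir%\system32\inetsrv\appcmd.exe unlock config -section:system.webServer/security/ipSecurity
-->
<configuration>
  <!-- Placeholder path: relative to the site root, e.g. "api/Service.asmx" -->
  <location path="Service.asmx">
    <system.webServer>
      <security>
        <!-- allowUnlisted="false" turns the list into a whitelist:
             any client not matched by an <add> entry is denied.
             denyAction (IIS 8.0 and later) selects the response for denied
             clients: Abort, Unauthorized, Forbidden or NotFound. -->
        <ipSecurity allowUnlisted="false" denyAction="Forbidden">
          <!-- Drop entries inherited from parent configuration -->
          <clear />
          <!-- Keep local access for testing on the server itself -->
          <add ipAddress="127.0.0.1" allowed="true" />
          <!-- Single host (constructed example address) -->
          <add ipAddress="192.0.2.10" allowed="true" />
          <!-- Whole subnet (constructed example range) -->
          <add ipAddress="203.0.113.0" subnetMask="255.255.255.0" allowed="true" />
        </ipSecurity>
      </security>
    </system.webServer>
  </location>
</configuration>
```

If the site sits behind a load balancer or reverse proxy, IIS sees the proxy's address rather than the client's, so verify the rule from both an allowed and a non-allowed source before relying on it.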