我正在编写一个传统的ASMX Web服务,使用C#和.Net 2.0在IIS上进行部署。 webservice将部署在一个共享托管环境中,每个客户端都有自己的应用程序副本,位于一个单独的虚拟目录中(我知道,我知道 - 这是一个遗留应用程序)。每个虚拟目录中都会有一个Webservice的单独副本。
I am writing a traditional ASMX webservice using C# with .Net 2.0 for deployment on IIS. The webservice will be deployed in a shared hosting environment where each client has their own copy of the application sitting in a separate virtual directory (I know, I know - it's a legacy app). There will be an individual copy of the Webservice sitting in each virtual directory.
由于Web服务可能会做一些有力的事情,我希望可以选择限制访问它某些IP地址。在防火墙中执行此操作并不是一个非常好的选择,因为它只是应该受到限制的Web服务而不是网站的其他部分 - 并且它位于每个虚拟目录级别。
As the Webservice could potentially do some powerful things, I would like to optionally limit access to it to certain IP addresses. Doing this in the firewall isn't a very good option as it is only the webservice that should be limited and not the rest of the website - and it is on a per-virtual-directory level.
我可以以编程方式读取请求者的IP地址并将其与列表进行比较,以便我可以拒绝来自其他地址的呼叫吗?这有什么重大缺陷吗?
Can I programmatically read the IP address of the requestor and compare it to a list so I can reject calls from other addressess? Are there any major pitfalls to this?
谢谢
推荐答案是你可以轻松地做到。
Yes you can do it easily.
[WebMethod] public bool IsAlive() { string callingAddress = HttpContext.Current.Request.UserHostAddress; return (callingAddress == allowedAddress); }唯一的缺陷是维护IP地址列表。
The only pitfalls are the maintenance of the list of IP addresses.
还值得注意的是,您可以在IIS中基于每个Web应用程序配置IP地址访问控制。我在不同的时间使用了这两种方法,它实际上只取决于您希望如何维护授权IP地址列表。
It's also worth noting that you can configure IP address access control on a per web application basis from within IIS. I have used both approaches at different times and it really just comes down to how you want to maintain the list of authorised IP addresses.
更多推荐
我如何以编程方式限制对Web服务的访问?
发布评论