Restrict client application to consume wcf service on only one endpoint
https://stackoverflow.com/questions/4756646
-
16-10-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I have developed a wcf service having two contracts Contract1 and Contract2 exposed on two different endpoints. When i am going to add reference to my client application it allows me to consume both contracts.
How i restrict client application to consume only one contract?
here is my web.config's code
<system.serviceModel>
<services>
<service behaviorConfiguration="MyWCFService.Service1Behavior"
name="MyWCFService.Service1">
<host>
<baseAddresses>
<add baseAddress="http://localhost:1010/Service1.svc"/>
</baseAddresses>
</host>
<endpoint address="/MyService1" binding="wsHttpBinding" contract="MyWCFService.IService1" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
<endpoint address="/MyService2" binding="wsHttpBinding" contract="MyWCFService.IService2" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="MyWCFService.Service1Behavior">
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
Thanks in advance.
Solution
why not break single webservice endpoint with 2 contracts into two webservice endpoints on different addresses and 1 contract per each and use only one in your client application.
Its unclear why your design requires 2 contracts on 1 endpoint , only allowing client to use 1 contract.
Or add some security, maybe some fairly basic stuff like add password field to method signatures in contract you want to restrain access to.
OTHER TIPS
I can think of two ways -
First way would be using firewall to block the second service URL. It would help if you choose different base address (perhaps port or host header). Yet another variation would be to host the second web service in different application/web-site and block it from external access. Separating service also make sense from separating your metadata (mex) end points - as current shared end point would publish WSDL for both services - does not make sense to publish metadata for second web service (over public end point) if you don't wish it to consume by others.
Second way would rely on web service security - essentially, make your second web service with credentials that are not published to external parties.
IIS provides limited filtering services based on IP.
Windows networking provides limited filtering services based on IP.
A firewall will provide any filtering you need.
I have done the below solution..
Create 2 interfaces for service contract .. Let's say IService1 and IService2.
Implement these 2 interfaces to the service class. Lets name it as service1
Create a derived service class from Service1. Just a blank derived class.
Create two different service element in app.config
in 1st service, create the end point with some address and binding and provide IService1 as contract. It will have it's own base address
in 2nd service create the end point with some different address and binding and provide IService2 as contract. It will have it's own base address which will be different.
Now share any of the address to the client as per your choice.
