Hi,
A Few ways:
1) In IIS restrict the website by IP address allowing only machines that run
your code to access the web service.
2) Disallow anonymous authentication in IIS. Restrict acces to your ASMX
file allow only a specific user to access the ASMX file. In your consuming
application use CredentialsCache to pass NT user rights to the web service
when communicating with the server.
3) User certificates. In IIS, disallow anonymouse users...Issue a
certificate to your client machines you wish to give access to... In IIS Map
the cert to an NT user account that has access to the ASMX file. In your
application consuming the web service use WSE 3.0 to pass the cert to the
web service.
4) Kind of weak, but you can have your web methods take a 'security token'
as a parameter. Make the token a Guid. Share the Guid with the server and
the consuming app. Then the consuming app calls the web methods, pass the
Shared Guid. The web method must compare the passed Guid to make sure it is
the correct value, or throw an error. (many places use this... ebay...
amazon... google).
-DS
"huz" <an****************@gmail.comwrote in message
news:e9**********@news2.carnet.hr...
>I need some advice, here is the situation: I have a web service (ASP 2.0)
published on IIS, how can i make that only trusted (my) web applications
consume it, and successfuly block all others???