i’m trying to secure some WCF services. I’d like to use IIS or the

Question

0

Asked: May 17, 20262026-05-17T06:38:51+00:00 2026-05-17T06:38:51+00:00

i’m trying to secure some WCF services. I’d like to use IIS or the

0

i’m trying to secure some WCF services. I’d like to use IIS or the Web.config todo all of the heavy lifting/configuration if possible. I don’t want to embed anything in my code – thought I know that may not be feasible. If possible, I’d like to achieve this without having to resort to AspCompatibilityMode 🙁

I’m using a custom BasicHttp binding with TransportCredential enabled.

This works fine. Any valid domain or machine account seems to validate against the service.

My problem is I only want users from specific windows groups to be able to access my service. I wanted to use ACLs on the actual folders to achieve this, but I don’t think it is possible.

Would appreciate your help!

Thanks
TM

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-17T06:38:51+00:00

In your web.config try the following:

<authentication mode="Windows" />  
<identity impersonate="false" />
<authorization>
   <allow users="MYDOMAIN\YourGroup" />
   <deny users="*" />
</authorization>

This will block it at the web config level. You can also put an ACL on your folder. Note the Windows authentication and the impersonate = false means that it is the users credentials that are being used to access the directory.

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

i’m trying to secure some WCF services. I’d like to use IIS or the

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply