Home/ Questions/Q 4589208
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-21T22:01:59+00:00

I’ve read so many blog posts and articles that my eyes are getting blurry.

  • 0

I’ve read so many blog posts and articles that my eyes are getting blurry. I haven’t yet found what I need (or I just don’t understand what I’m doing, which is most likely).

We have a WCF data service that we want to restrict access to. We want to put the web client in an app pool, and then only the app pool account should be able to use the WCF data service.

If someone hits the WCF service directly from a browser, or from another application, they should not be able to access the data.

How do I set this up? I tried impersonation, but I couldn’t seem to get that to work.

Securing WFC data services seems way too difficult, but maybe I am just not looking at it correctly. Any help would be appreciated. Thanks.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Consider having a read of the following;
    http://msdn.microsoft.com/en-us/library/dd728284.aspx

    I would consider something like the following code. OnStartProcessingRequest occurs on every call to WCF Data Services;

       Protected Overrides Sub OnStartProcessingRequest(ByVal args As System.Data.Services.ProcessRequestArgs)
        MyBase.OnStartProcessingRequest(args)
        If HttpContext.Current.User.Identity.Name.ToLower <> "UserName".ToLower Then
            Throw New DataServiceException("Services restricted")
        End If
   End Sub

    I’m sure there will be other methods to do this as well. If it’s hosted in IIS I would guess it could be restricted the same as any other asp.net web application, but I haven’t really looked at it much.

    • 0