Wednesday 6 August 2008

Restrict access to MOSS Web Services

As a part of Security measure, we need to block the access to MOSS Web Services.
Every MOSS Developer knows how to access the exposed web services of MOSS.
http://servername/_vti_bin/Lists.asmx ...
This would open up the entire webservice and available methods in that.

In order to restrict that we can add an entry in web.config file of that Site Collections web application.

Add the following block

<location path="_vti_bin">
<system.web>
<authorization>
<allow users="mossserver\Myuser" />
<deny users="*" />
</authorization>
</system.web>
</location>

Its blocked!! Right?

*** But beware, you cannot open the Site in SharePoint designer if you block webservices for all users. So please allow atleast one account for accessing webservices.**

1 comment:

Suchak said...

Crucial information