Share via


Securing WCF to only respond to local requests.

Is it possible to secure a web service to only respond to local requests over HTTP?

Yes, you just need to make sure that you listen at https://127.0.0.1/MyService/ with HostNameComparisonMode = Exact.

 ServiceHost service = new ServiceHost(typeof(MyService), new Uri("https://127.0.0.1/MyService/"));
BasicHttpBinding binding = new BasicHttpBinding();
binding.HostNameComparisonMode = HostNameComparisonMode.Exact;
service.AddServiceEndpoint(typeof(IMyService), binding , "BasicEndpoint");

Also, be sure to run httpcfg or netsh http add urlacl with the 127.0.0.1 address.