I am hosting a WCF Service within an ASP.NET MVC web application. I would like the WCF Service to only be accessible to authenticated users. Adding the configuration code below to the web.config file does not have the desired result:
    <location path="Services/MyService.svc">
      <system.web>
        <authorization>
          <deny users="?" />
        </authorization>
      </system.web>
    </location>
How should I deny access to this service for unauthenticated users?
I was able to resolve this by adding a Web.Config file containing the authorization rule within the "~/Services" directory itself instead of the Web.Config at the root of the website.
~/Services/Web.Config

    <configuration>
      <system.web>
        <authorization>
          <!-- "?" matches anonymous (unauthenticated) users -->
          <deny users="?"/>
        </authorization>
      </system.web>
    </configuration>
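
A static check for the directory-level rule described above, added here as an example and not code from the original post: it reads one Web.config and reports whether its own authorization rules deny anonymous users, applying ASP.NET's first-matching-rule order. The function name and the second and third sample configs are constructed; rules inherited from parent configs and location blocks are assumed out of scope.

```python
import xml.etree.ElementTree as ET


def anonymous_denied(web_config_xml: str) -> bool:
    """True if this file's own <authorization> rules deny anonymous users for every verb."""
    root = ET.fromstring(web_config_xml)
    # Only the directory-level section is read; <location> blocks are ignored.
    auth = root.find("./system.web/authorization")
    if auth is None:
        return False  # no rules in this file; whatever is inherited decides
    for rule in auth:  # ASP.NET evaluates rules top to bottom, first match wins
        if rule.tag not in ("allow", "deny"):
            continue
        users = {u.strip() for u in rule.get("users", "").split(",")}
        # "?" is the anonymous user, "*" is everyone; role-only rules never match anonymous
        if not users & {"?", "*"}:
            continue
        if rule.tag == "allow":
            return False  # an earlier allow lets anonymous requests through
        if rule.get("verbs") is None:
            return True  # unconditional deny reached before any allow
        # A deny limited to some verbs leaves the others open: keep scanning.
    return False  # assumption: the inherited default allows all users


# The ~/Services/Web.Config from the answer.
SERVICES_CONFIG = """<configuration><system.web><authorization>
  <deny users="?"/>
</authorization></system.web></configuration>"""

# Constructed: the allow comes first, so the deny is never reached.
ALLOW_FIRST_CONFIG = """<configuration><system.web><authorization>
  <allow users="*"/>
  <deny users="?"/>
</authorization></system.web></configuration>"""

# Constructed: deny restricted to POST, so GET stays open to anonymous users.
VERB_ONLY_CONFIG = """<configuration><system.web><authorization>
  <deny users="?" verbs="POST"/>
</authorization></system.web></configuration>"""

if __name__ == "__main__":
    for name in ("SERVICES_CONFIG", "ALLOW_FIRST_CONFIG", "VERB_ONLY_CONFIG"):
        print(name, "denies anonymous:", anonymous_denied(globals()[name]))
```

This checks the file's contents only; an unauthenticated request against the deployed service is still the test of what the server actually enforces.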