<deny> Element

  • Article

Specifies which clients are explicitly denied access to a Web service.

<microsoft.web.services3> Element
  <messaging> Element
    <transports> Element
      <add> Element for <transports>
        <hosts> Element

<deny value= "list of host names separated by spaces." />

Attributes and Elements

Attributes

Attribute Description

value

A list of clients separated by a space that are explicitly denied access to a Web service. Each client is specified using its host name, IP address, IP address mask, and/or the keyword all, which means that all clients are denied access to the Web service.

Child Elements

None

Parent Elements

Element Description

<hosts> Element

Specifies which clients are allowed or denied access to a Web service.

Remarks

Before adding the <deny> element to a configuration file, you must add the microsoft.web.services3 configuration section handler to the configuration file. For details about adding the microsoft.web.services3 configuration section handler, see <section> Element.

WSE uses the following rules to determine whether a client is allowed or denied access. If the value of the default attribute of the <hosts> element is set to allow, then all are allowed access unless there is a listing in the <deny> element that is not overridden by a listing in the <allow> element. If the value of the default attribute of the <hosts> element is set to deny, then all are denied unless there is a listing in the <allow> element that is not overridden by a listing in the <deny> element. In either case, if the result is that the client should be denied access, then the incoming connection is immediately closed and no data is processed from it.

Example

The following code example specifies that all hosts are allowed access to a Web service except those with IP addresses starting with 192.168.1 and 10.10.100 with the exception of 192.168.1.1.

<configuration>
  <microsoft.web.services3>
    <messaging>
      <transports>
        <add scheme="soap.tcp">
          <hosts default="allow">
            <allow value="192.168.1.1" />
            <deny value="192.168.1.0/24 10.10.100.0/24" />
          </hosts>
        </add>
      </transports>
    </messaging>
  </microsoft.web.services3>
</configuration>

See Also

Reference

<transports> Element
<add> Element for <transports>
<hosts> Element