I have a web application, in which a web service resides in a folder. The whole web application can be accessed from anywhere, while the web service should only be accessed from certain IP addresses. I can't separate them and take the web service into another IIS web site, thus I need to restrict the access to the web service, while it resides in that web site. However, I have no limitation in creating virtual directories. What should I do? Can I do it at all?

To understand the scenario better, suppose that the domain of the website is www.sample.com, and every address on this website is accessible to all the Internet. For example, www.sample.com\path1 and www.sample.com\path2 are browsable by everyone and every IP address out there.

But the address of the web service www.sample.com\services\user.asmx should only be accessed from certain IP addresses, like 217.218.192.50 && 107.50.27.30 for example.

How can I achieve this configuration in IIS7?

OK, what a simple action it was.

Simply select the folder in IIS7, and from the right hand, select IP Address and Domain Restrictions (which if is not visible, must be reached via Features View tab).

Now, you can allow or deny any single IP address, or a range if IP addresses from seeing or not seeing your folder, and anything inside it.