Out of the box, Sitecore XP 9.0.0-10.0.1 versions secure all content under \sitecore\shell via ASP.NET Authorization. This includes the Good Old Web Service which can be used with Rocks, found at \sitecore\shell\WebService\Service.asmx. Though the service includes its own authentication, by default requests to it from Sitecore Rocks will be rejected as they appear as anonymous requests to ASP.NET.
You may see the following error message when connecting with Rocks:
Access was denied when trying to communicate with the Sitecore service. Sitecore 9.0+ requires configuring anonymous access to utilize the Good Old Web Service. Installing the Hard Rock Web Service will automatically enable anonymous access to the services.
Switching to the Hard Rock Web Service, and using Rocks to install it, will deploy a Web.config file to the \sitecore\shell\WebService folder which enables anonymous access to both the Good Old and Hard Rock services. The services will still perform their own authentication using the credentials entered into Sitecore Rocks.
If you do not wish to install the Hard Rock service, you must apply your own authorization override. It is recommended to place this in the Web.Debug.config configuration transform file:
<location path="sitecore/shell/WebService/Service.asmx"> <system.web> <authorization> <allow users="?,*" /> </authorization> </system.web> </location>
Note: do not install the Hard Rock service or enable anonymous access to the Good Old service in a production environment.