Re: Web Service Security

---

• From: "Henrik Skak Pedersen" <skak@xxxxxxxxxxxxxxxx>
• Date: Tue, 7 Nov 2006 11:58:06 +0100

---

Minor detail :-)

I have just tested it today and I works fine without the Documentation and
the get protocols.

Thank you for your help.

Henrik.

"Dominick Baier" <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:4580be6319b808c8d025b8f50e50@xxxxxxxxxxxxxxxxxxxxx

well - you need the POST, otherwise you web service will not work...

---
Dominick Baier, DevelopMentor
http://www.leastprivilege.com

Hi again,

So something like this would be adviseable:
<webServices>
<protocols>
<remove name="Documentation" />
<remove name="HttpGet" />
<remove name="HttpPost" />
</protocols>
</webServices>
Thanks
Henrik.
"Steven Cheng[MSFT]" <stcheng@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:LPSfSnVAHHA.3164@xxxxxxxxxxxxxxxxxxxxxxxx

Hello Henrik,

As Dominick has mentioned, you can configure the webservice's
protocols in
the web.config to enable/disable certain accesses to our ASP.NET
webservice. For the "WSDL" function you mentioned, it is controlled
by
the
"Documentation" protocol. So if you want to disable the Service
Description(WSDL) page, you can add the following configuration:
===================
....
<webServices>
<protocols>
........................
<remove name="Documentation" />
</protocols>
</webServices>
</system.web>
........
====================
There are also many other access controls you can set for your
ASP.NET webservice through the <protocols> setting such as http
get/post access ....

#<protocols> Element
http://msdn.microsoft.com/library/en-us/cpgenref/html/gngrfprotocols.
asp?fra me=true

Also, when you edit the web.config in VS 2005, the IDE's intellisense
can help you find all the available protocols that can configure.

Hope this helps also.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

This posting is provided "AS IS" with no warranties, and confers no
rights.

.

---

• References:
  • Re: Web Service Security
    • From: Henrik Skak Pedersen
  • Re: Web Service Security
    • From: Dominick Baier

• Prev by Date: RE: Trying to run in partial trust (getting a PolicyException)
• Next by Date: RE: Trying to run in partial trust (getting a PolicyException)
• Previous by thread: Re: Web Service Security
• Next by thread: RE: Issue with X509Certificate2 (works with Cassini, fails with IIS)
• Index(es):
  • Date
  • Thread

---

Relevant Pages RE: Follow up question on hiding web service functions ... You should remove those protocol disabling ... This posting is provided "AS IS" with no warranties, and confers no rights. ... (microsoft.public.dotnet.xml) Re: Web Service Security ... well - you need the POST, otherwise you web service will not work... ... Dominick Baier, DevelopMentor ... (microsoft.public.dotnet.framework.aspnet.security) Re: Web Service Security ... you can configure the webservice's protocols in ... There are also many other access controls you can set for your ASP.NET ... webservice through the setting such as http get/post access ... (microsoft.public.dotnet.framework.aspnet.security) Re: Accessing Webservice thru Http-Get ... public string UpdateUser ... "Request format is unrecognized for URL unexpectedly ending in " & ... (microsoft.public.dotnet.framework.aspnet.webservices) Re: Ricoh PCI to SD device? ... >> that it implemented the sds standard sd host interface, ... > information about the protocols in their documentation. ... > implementation of the SDA's standards, FreeBSD is stuck. ... (freebsd-hackers)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.dotnet.framework.aspnet.security  > 2006-11