Re: Web Service Security



Minor detail :-)

I have just tested it today and I works fine without the Documentation and
the get protocols.

Thank you for your help.

Henrik.

"Dominick Baier" <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:4580be6319b808c8d025b8f50e50@xxxxxxxxxxxxxxxxxxxxx
well - you need the POST, otherwise you web service will not work...

---
Dominick Baier, DevelopMentor
http://www.leastprivilege.com

Hi again,

So something like this would be adviseable:
<webServices>
<protocols>
<remove name="Documentation" />
<remove name="HttpGet" />
<remove name="HttpPost" />
</protocols>
</webServices>
Thanks
Henrik.
"Steven Cheng[MSFT]" <stcheng@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:LPSfSnVAHHA.3164@xxxxxxxxxxxxxxxxxxxxxxxx
Hello Henrik,

As Dominick has mentioned, you can configure the webservice's
protocols in
the web.config to enable/disable certain accesses to our ASP.NET
webservice. For the "WSDL" function you mentioned, it is controlled
by
the
"Documentation" protocol. So if you want to disable the Service
Description(WSDL) page, you can add the following configuration:
===================
....
<webServices>
<protocols>
........................
<remove name="Documentation" />
</protocols>
</webServices>
</system.web>
........
====================
There are also many other access controls you can set for your
ASP.NET webservice through the <protocols> setting such as http
get/post access ....

#<protocols> Element
http://msdn.microsoft.com/library/en-us/cpgenref/html/gngrfprotocols.
asp?fra me=true

Also, when you edit the web.config in VS 2005, the IDE's intellisense
can help you find all the available protocols that can configure.

Hope this helps also.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

This posting is provided "AS IS" with no warranties, and confers no
rights.





.



Relevant Pages

  • RE: Follow up question on hiding web service functions
    ... You should remove those protocol disabling ... This posting is provided "AS IS" with no warranties, and confers no rights. ...
    (microsoft.public.dotnet.xml)
  • Re: Web Service Security
    ... well - you need the POST, otherwise you web service will not work... ... Dominick Baier, DevelopMentor ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Web Service Security
    ... you can configure the webservice's protocols in ... There are also many other access controls you can set for your ASP.NET ... webservice through the setting such as http get/post access ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Accessing Webservice thru Http-Get
    ... public string UpdateUser ... "Request format is unrecognized for URL unexpectedly ending in " & ...
    (microsoft.public.dotnet.framework.aspnet.webservices)
  • Re: Ricoh PCI to SD device?
    ... >> that it implemented the sds standard sd host interface, ... > information about the protocols in their documentation. ... > implementation of the SDA's standards, FreeBSD is stuck. ...
    (freebsd-hackers)