Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / ASP.NET / Web Services / September 2004

Tip: Looking for answers? Try searching our database.

Web Services and Protecting Code

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Daniel Friend - 20 Sep 2004 11:17 GMT
I am new to web services.  I have am running a sample web service for
testing.  It seems that if I type the URL in the web browser, it displays
all active web method functions.  How do I turn that off, I don't want a
person to stumple across my web service on the net and be able to use the
functionality.

Also, I am using a Web Reference in my VB program and it seems in debug
mode, it imported my code... that is fine for me, but how do I stop the
outside work from doing the same, if they stumble across the URL of the web
service.

Thanks and please help... I am new and want a web service to do some
functionality to a secure database over the net using by VB App and can not
have the functionality available to anybody that is not using the VB app.

Thanks for your help.... I greatly appreciate it!

Dan
Reply to this Message
Trebek - 20 Sep 2004 15:19 GMT
Dan,

You are really asking a two-part question here.  By definition, a web
service is available to the outside world unless secured thru other means
(client certs, acl, etc...).  You can deny access to unauthenticated users
via IIS or web.config if you want to restrict the ppl contacting and using
the service.  This is part 1.  Part 2 is about putting a security model in
place to disallow unauthorized users.  A really good place to start here is
WSE2.0.  If you cannot use this for any reason, I would suggest doing your
own soap header authentication.  It is very easy but doesn't have all of the
plumbing of WSE.  This way it doesn't matter who can see the service, they
cannot access it without your app's permission.

HTH,

Alex
> I am new to web services.  I have am running a sample web service for
> testing.  It seems that if I type the URL in the web browser, it displays
[quoted text clipped - 14 lines]
>
> Dan
Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.