 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
.NET Forum / ASP.NET / Web Services / February 2005Web References bound at run-time or compile-time?
Are Web References (WSDL references) bound/refreshed/updated/downloaded/whatever at compile-time or run-time? I'm trying to understand more about the necessity of WSDLs. If I distribute a rich client that has been bound to a WSDL at compile-time, and that WSDL is -not- publicly available on the internet, is it still possible to consume the web service described by the WSDL? It seems to me that this would be a good measure to prevent mischief makers from a) discovering and b) consuming a private service. -- Jeff S. Depends on the development environment Jeff. In Visual Studio .Net 2003 It kinda happens at compile time, in reality it happens at Design time whenever you create a web service or refresh an existing one. Other then that it never rechecks the web service wsdl. However say in Visual FoxPro using the SOAP Toolkit, It actually creates an object dynamically at runtime. The WSDL simply desribes the serivices available. Kinda like going to McDonald's and seeing whats on the menu, you then pick what you want. I'm working in Visual Basic .NET 2003. And I'm trying to understand all the subtleties involved in "hiding" a service that is designed to be private, authentication concerns notwithstanding. I'm new to web services, and want the service I'm about to develop to be difficult if not impossible for someone to "stumble across." Based on my understanding so far, if the WSDL isn't available to the internet, but -has- been included in the rich client's assembly, then the service is usable, but invisible to curious eyes. -- Jeff S. > Depends on the development environment Jeff. In Visual Studio .Net > 2003 It kinda happens at compile time, in reality it happens at Design [quoted text clipped - 4 lines] > available. Kinda like going to McDonald's and seeing whats on the > menu, you then pick what you want. Yes so in the simpliest case you can create a web service proxy assembly. And just distribute that. However security through obscurity is not a good solution. If you really want to secure this. maybe you should use windows authentication, or amybe WS-Security through WSE (Web Service Enhancements). yes it is more complex, but it is also a better security model then simply obscurity Of course, and we plan on instituting an authentication scheme. But even authentication schemes can be cracked. Hiding the thing to be cracked simply decreases the odds that it will be. I've considered Windows authentication, but am not keen on the idea of creating Active Directory accounts for the myriad unique rich clients that will access the service. I was excited to learn about certificates, though I'm not sure we can afford the fees for a CA, and I'm not sure whether we're in a position to act as a CA ourselves. I'm not familiar with WS-Security or WSE... I'll look into that. Thanks! -- Jeff S. > Yes so in the simpliest case you can create a web service proxy > assembly. And just distribute that. However security through > obscurity is not a good solution. If you really want to secure this. > maybe you should use windows authentication, or amybe WS-Security > through WSE (Web Service Enhancements). yes it is more complex, but it > is also a better security model then simply obscurity Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.