I installed Wse1 and got it to work with a self-made UsernameToken. But then I
found something serious. I can always use the standard way via Service1 =
new Service1 to access the server without the identification.
What is wrong?
Don't take this as professional advice, as I have just started using WSE
myself... but here are some things I put into my code to prevent this... Not
sure if it is foolproof...
In web.config under <webServices> add:
    <protocols>
        <remove name="HttpPost"/>
        <remove name="HttpGet"/>
        <remove name="HttpPostLocalhost"/>
    </protocols>
This should prevent the web service from responding to these protocols if I
am correct, preventing anyone from calling your web service these ways.
And for each message check the following at the server:
    SoapContext requestContext = RequestSoapContext.Current;
    if (requestContext == null)
    {
        throw new Exception("No Request Context Provided");
    }
The normal proxy doesn't attach the RequestContext, I believe. I have some
other preprocessing I need to do to each message, so this snippet just went
into that preprocessing stage.
/Mirtul
> I installed Wse1 and got it to work with a self-made UsernameToken. But then I
> found something serious. I can always use the standard way via Service1 =
> new Service1 to access the server without the identification.
>
> What is wrong?
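
A server-side check that goes one step past the context test in the reply above: it requires a UsernameToken on every call, so a request built with a plain new Service1() proxy is refused. This is an added example, not code from either poster; it assumes the WSE 2.0 namespaces that go with RequestSoapContext.Current, and RequireUsernameToken and HelloWorld are hypothetical names.

```csharp
using System.Web.Services;
using System.Web.Services.Protocols;
using Microsoft.Web.Services2;                  // assumption: WSE 2.0, matching RequestSoapContext in the reply
using Microsoft.Web.Services2.Security.Tokens;

public class Service1 : WebService
{
    // Hypothetical helper: call it first in every [WebMethod].
    private static UsernameToken RequireUsernameToken()
    {
        SoapContext context = RequestSoapContext.Current;
        if (context == null)
        {
            // Non-SOAP request, or the WSE extension is not configured for this application.
            throw new SoapException("No WSE request context", SoapException.ClientFaultCode);
        }

        // Look for the token the caller was supposed to attach to the security header.
        foreach (SecurityToken token in context.Security.Tokens)
        {
            UsernameToken user = token as UsernameToken;
            if (user != null)
            {
                return user;
            }
        }

        // A SOAP request arrived, but it carried no UsernameToken: refuse it.
        throw new SoapException("UsernameToken required", SoapException.ClientFaultCode);
    }

    [WebMethod]
    public string HelloWorld()   // hypothetical method name
    {
        UsernameToken caller = RequireUsernameToken();
        return "Hello " + caller.Username;
    }
}
```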