Disable Protocol Support for Web Services

1 07 2010

Last time when i developed webservice, my Staff is asking about how to provide Secruity of Webservice

I browse some sites, i got nice aritcle from microsoft site

http://msdn.microsoft.com/en-us/library/9hdd3w8c(VS.80).aspx

http://msdn.microsoft.com/en-us/library/ff649362.aspx

What is the purpose of disable Protocol:-

Actually when we are implement webservice it is accept Http-Get,Http-Post and Http Soap protocols, but somebody send the request in the form of Http-Get and Http-Post to reduce the risk for invoke webservice.

for Security purpose we will disable Http-Get and Http-Post because soneone is calling Http request.

Http-Get and Http-Post is for Testing form when we are testing in local server or production server.

Make sure if you are deploy your service into production server please remove Http-Get and Http-Post

how to Remove

Go to web.config, search <webService></webService> tag

if not there put this tag under <system.web>

remove these protocols

<webServices>
<protocols>
<remove name=”HttpGet”/>
<remove name=”HttpPost”/>
<remove name=”HttpPostLocalhost”/>
<remove name=”Unknown”/>
</protocols>
</webServices>
now run you webservice locally or production from IIS Server you can get the webservice list but you cant test, if you want test comment the above code in web.config.  Once your testing over make sure uncomment those line for security purpose
Advertisement

« »


Actions

Information

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s


Follow

Get every new post delivered to your Inbox.