Web Services and Protecting Code

[Daniel Friend]

I am new to web services. I have am running a sample web service for
testing. It seems that if I type the URL in the web browser, it displays
all active web method functions. How do I turn that off, I don't want a
person to stumple across my web service on the net and be able to use the
functionality.

Also, I am using a Web Reference in my VB program and it seems in debug
mode, it imported my code... that is fine for me, but how do I stop the
outside work from doing the same, if they stumble across the URL of the web
service.

Thanks and please help... I am new and want a web service to do some
functionality to a secure database over the net using by VB App and can not
have the functionality available to anybody that is not using the VB app.

Thanks for your help.... I greatly appreciate it!

Dan

 

[Trebek]

Dan,

You are really asking a two-part question here. By definition, a web
service is available to the outside world unless secured thru other means
(client certs, acl, etc...). You can deny access to unauthenticated users
via IIS or web.config if you want to restrict the ppl contacting and using
the service. This is part 1. Part 2 is about putting a security model in
place to disallow unauthorized users. A really good place to start here is
WSE2.0. If you cannot use this for any reason, I would suggest doing your
own soap header authentication. It is very easy but doesn't have all of the
plumbing of WSE. This way it doesn't matter who can see the service, they
cannot access it without your app's permission.

HTH,

Alex