I got few recommendations to increase web service security. One recommendation was to hide Web Service Documentation. Because WSDL provides all the information about the Web service. Anyone can consume this WSDL and generate a proxy to talk to the Web service. Now say that you are working on a secure Web service and you would like to hide all the information about the Web service. It is only available to some known clients, which are already aware of the WSDL/schema. You can instruct the ASP.NET runtime not to generate any documentation for the Web service by updating the web.config like this:
<configuration>
<system.web>
<!--
HIDE THE DOCUMENTATION FOR THE WEB SERVICE
-->
<webservices>
<protocols>
<removename="documentation"/>
</protocols>
</webservices>
<system.web>
</configuration>
As soon as you update the web.config, you can neither access the HTML documentation page nor the WSDL for the Web service. Tested on .NET web services.
More details from 15seconds
Subscribe to:
Post Comments (Atom)
0 comments:
Post a Comment