VIP WCF, Only My Application can see but no else can see any reference at all

Question

There is a WCF I created on the server, running.

And I built an application that connects this url. This is an exe that can be run in every PC. The thing that I want, only this app can see this WCF, and can use its utilities, the others can see nothing, no url , no reference, no wsdl of the web service.

How can I create this environment..?

Answer 1

As you're using WCF web services, you can remove the <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" /> elements from your <system.serviceModel> <services> <service> elements to prevent requests for metadata being honoured.

The problem with what you're after is:

• Anyone can use something like Fiddler to intercept your web service requests and inspect them. You could use HTTPS to make this harder
• Anyone can disassemble your code to see what it's doing, retrieve URLs and see what the methods are that your web service exposes.

Answer 2

You are looking for authentication. Only client with valid credentials will be able to use your service. This requires some changes in service configuration and client code.

Reference and WSDL are removed by modifing service configuration:

• Remove metadata endpoint as Rob described in his answer.
• Remove serviceMetadata behavior

Default service page is removed by modifing another service behavior

• On serviceDebug behavior set httpHelpPageEnabled to false.