tags:

views:

772

answers:

2
Q: 

What ways can I hide the WSDL from end users that have the service URL

I have a .NET web service which is publically accessible since it needs to be accessible via Flex. It currently only has read operations.

http://www.example.com/webservices/weather.asmx?wsdl

I want to add some admin only web methods to the same webservice such as UpdateWeather and StartRainstorm. Obviously I don't want my end user being able to do change weather patterns.

So I just want to hide the wsdl so that it cannot be accessed via the standard ?wsdl parameter. Ultimately I'll add on better security etc. but I need a quick fix for now. I figure if they don't know the method name they won't be able to access it.

I want to be able to disable the WSDL generation - which I can do by adding <add name="Documentation" /> to my web.config. BUT I want to be able to access the WSDL in some other 'secret' way that only I know so I dont have to keep going to the server. How could I achieve this. I'm fine if its a secret URL or a secret parameter or whatever.

I'm fine with this security through obfuscation approach for now.

+1  A: 

why won't you just create another web service? Seems simpler

NTulip  2009-02-04 03:22:26
for some cases that definitely would make sense. i'd actually like to hide my WSDL completely from end users but still get access to it so i can generate a proxy when i update it. the 'admin' operation are the reason i have to get a solution NOW but i dont really want people snooping my WSDL at all
Simon_Weaver  2009-02-04 03:34:43
+1  A: 

One thing you could do is expose another endpoint for the admin contract. Then turn off the WSDL publisher on that admin endpoint. Eventually you could configure security just on the administrative endpoint if you wanted.

This is assuming you are using WCF.

Update: Check out this WCF getting started tutorial. You'll like WCF more than ASP.NET/ASMX services once you learn a bit about it.

spoon16  2009-02-04 03:24:08
i'm using just a standard web service, but consuming it using a WCF service reference. WCF is one of those technologies i havent learnt much at all about yet. is it easy to make a regular web service into a WCF service ?
Simon_Weaver  2009-02-04 03:28:43

related questions

Displaying Version Information in a Web Service
Example Web Service
SoapException: Root element is missing occurs when .NET web service called from Flex
Best practice for webservices
What is your preferred method of sending complex data over a web service?
.Net - Returning DataTables in WCF
Is it possible to return objects from a WebService?
How much extra overhead is generated when sending a file over a web service as a byte array?
Returning Large Results Via a Webservice
File Uploads via Web Services
best way to persist data in .NET Web Service
What is the difference between an endpoint, a service, and a port when working with webservices?
Calling REST web services from a classic asp page
Best way to write a RESTful service "client" in .Net?
Where can I find some good WS-Security introductions and tutorials?
ASP.NET Web Service Results, Proxy Classes and Type Conversion
Web Services -- WCF vs. Standard
C# WCF Service - Backward compatibility issue
Document or RPC based web services
How to easily consume a web service from PHP
Timer-based event triggers
How to pass enumerated values to a web service
Homegrown consumption of web services
How do I print an HTML document from a web service?
How do I fill a DataSet or a DataTable from a LINQ query resultset ?