Hi,
What measures can you take to 'hide' a WCF service from the public?
i.e. even if they know the URL, you don't expose the methods etc.
+1
A:
I don't think you can if they have any idea what the specs for your contract are. If they don't, then they're just randomly guessing (as long as you don't expose metadata). Your best bet is to have an authentication function in your contract which must be called first and is necessary for subsequent calls to be allowed.
Steve
2009-02-20 15:14:13
A:
Another thing you want to be sure to NOT do, is to publish the meta data (WSDL or MEX) for the service. If you publish the WSDL, then someone can very easily see all of the methods on your service.
christophercotton
2009-02-20 16:20:09
A:
Don't expose it over HTTP. Use TCP binding and host it on your intranet. No one outside the intranet will ever be able to find it. Alternatively host it via Named Pipes and no one will ever find it outside your own machine.
If you're using a HTTP based protocol there's no way to hide it other than making the url something obscure that people might not ever search for.
Terry Donaghe
2009-02-20 16:32:15