Private webservice?

  • Thread starter Thread starter Hugh
  • Start date Start date
H

Hugh

Hello everyone,

I'm reasonably new to webservices, and have been playing around with
creating one in VS .NET, and then writing another app, and adding a web
reference to it to communicate with my web service. What I was wondering, is
if someone got the URL to this web service, are they free to use it? I'd
like to be able to create one for private use, to post data to my website.
Is this possible?

Cheers.
 
Hi Hugh,

Hugh said:
Hello everyone,

I'm reasonably new to webservices, and have been playing around with
creating one in VS .NET, and then writing another app, and adding a web
reference to it to communicate with my web service. What I was wondering, is
if someone got the URL to this web service, are they free to use it? I'd
like to be able to create one for private use, to post data to my website.
Is this possible?
Click to expand...

If you create a web service on a public web server, then anyone else can
see and use that web service, yes. Googling "web service security"
(especially in Google Groups) will give you some ideas about how to deal
with this. Be warned, however, this is a complex subject and there is not
much out-of-the-box support for this kind of think in .NET 1.x.

Regards,
Dan
 
Daniel Pratt said:
Hi Hugh,

wondering,

If you create a web service on a public web server, then anyone else can
see and use that web service, yes. Googling "web service security"
(especially in Google Groups) will give you some ideas about how to deal
with this. Be warned, however, this is a complex subject and there is not
much out-of-the-box support for this kind of think in .NET 1.x.

Regards,
Dan
Click to expand...
Thanks Dan, appreciate your help.

If I was to implement my methods by including username and password
arguments, and get the client application to pass these credentials each
time it calls a method from the webservice, would this be secure enough?

Also, what are the chances of people actually finding a webservice on a
public server if its location is not published? Would search
engines/crawlers be able to pick it up?

Cheers, Hugh
 
If I was to implement my methods by including username and password
arguments, and get the client application to pass these credentials each
time it calls a method from the webservice, would this be secure enough?
Click to expand...

Practically yes, if you use SSL and check the server cert, passing the
credentials is a decent way.
Also, what are the chances of people actually finding a webservice on a
public server if its location is not published? Would search
engines/crawlers be able to pick it up?
Click to expand...

I think VS.NET publishes the locations (disco files?), and there is some
kind of auto-detection available. I'm not sure if that's only for machines
with VS.NET installed though. Search engines might grab them if there was a
link to it. Also, if you have a way to browse directories, people could see
the .asmx files.

You might want to look into the Web Service Enhancements (WSE, search MSDN).
They have some security enhancements that might help you out.

-mike
MVP
 
Hello everyone,

I'm reasonably new to webservices, and have been playing around with
creating one in VS .NET, and then writing another app, and adding a web
reference to it to communicate with my web service. What I was wondering, is
if someone got the URL to this web service, are they free to use it? I'd
like to be able to create one for private use, to post data to my website.
Is this possible?

Cheers.
Click to expand...
If they're all on the same box, and the client has to get the WSDL file, why not
set the target machine has http://localhost/... ??

Also, your service could probably get the peer address...

/steveA
Steve Alpert
my email (e-mail address removed) is encrypted with ROT13 (www.rot13.org)
-------------------------------------------
NOTICE OF CONFIDENTIALITY
-------------------------------------------
The information in this email, including attachments, may be confidential
and/or privileged and may contain confidential health information. This
email is intended to be reviewed only by the individual or organization
named as addressee. If you have received this email in error please
notify IDX immediately--by return message to the sender or to
(e-mail address removed)--and destroy all copies of this message and any
attachments. Please note that any views or opinions presented in this
email are solely those of the author and do not necessarily represent
those of IDX. Confidential health information is protected by state and
federal law, including, but not limited to, the Health Insurance
Portability and Accountability Act of 1996 and related regulations.
 
Back
Top