1

I have web service page(webservice.asmx) being consumed javascript call and I want to
restrict public request to this webservice other than request from local pages that is aspx or
from javscript. The web service checks for form-authentication before it gets executed but
list of services are viewable and the parameters are accesible in .asmx page . users can
type www.site.com/webservice1.asmx to access my webservice. so i need to restrict that
option. how do we secure the asmx file from public user access.?

Sandip Armal Patil
  • 6,241
  • 21
  • 93
  • 160
user1394285
  • 11
  • 3

1 Answers1

1

I think you want to restrict HTTP GET access to your web service, modify the webServices section of Web.config:

<webServices>
     <protocols>
       <add name="HttpPost" />
       <remove name="HttpGet" />
       <remove name="Documentation"/>
     </protocols>
</webServices>

Edit - Other ways to disable HTTP GET

  1. Add this attribute just above your web methods:

    [ScriptMethod(UseHttpGet = false)]

  2. Add this check inside each web method:

    if (HttpContext.Current.Request.HttpMethod == HttpMethod.POST)
    // Do your work
Software Engineer
  • 3,906
  • 1
  • 26
  • 35
  • it is not working ..I m using forms authentication in application . Is there any security checking on service to restrict the public user. – user1394285 May 15 '12 at 08:33
  • it is working when i use but i think it is not a proper way , Is it possible to add security checking in webservice so that can restrict the users? – user1394285 May 15 '12 at 08:41