Tutorial :How do I secure ASP.NET web service to only allow relative path calling?



Question:

I have ASMX services for my web application that I would only like available to the same application.

Is there a way for the web service to only be accessible by the same application, such as relative/absolute path restrictions?


Solution:1

The easiest route would be to just not use a web service. If you're calling from the same application, you can probably just pull your logic into a separate class, and call it directly in your code, not via web service.


Solution:2

Two ways to do this:

  • Have the web services hosted on a different box. The main web box is on a publicly accessible IP (ie. in the DMZ), while the web service box is only accessible to the internal network.
  • You might be able to do this with sufficient networking gymnastics. For example, host the web services on the same box but a different IP, and have the firewall block any outside calls to that IP.


Solution:3

Web services can be called by all sorts of code, not just code that's part of a web site. So, in general, there is no "calling URL".


Note:If u also have question or solution just comment us below or mail us on toontricks1994@gmail.com
Previous
Next Post »