Friday, April 13, 2007

Disabling the ASP.Net ?WSDL command

When designing Web Services with the Microsoft ASP .Net technology the automatically generated WSDL file is accessible by adding the “?WSDL” command to the ASMX file URI. e.g : http://www.webservicemart.com/phone3t.asmx?WSDL

You might want to hide this wsdl file for a number of reasons:

  • To deploy a hand-written WSDL file and be sure that no one uses the automatically generated WSDL.
  • To hide the WSDL and thus limiting access to the people you have given a version of the WSDL file to. Therefore ensuring a very basic protection of sensitive data exposed by the Web Services.

Whatever your motivation is, several solutions are available to you. The easiest one is to add these lines in the web.config file :

<system.web>

<webServices>

<protocols>

<removename="Documentation"/>

</protocols>

</webServices>

</system.web>

By using this solution, the HTML documentation available when accessing a wsdl page (e.g : http://terraservice.net/TerraService.asmx) will no longer be accessible, same for the “?WSDL” command result. And this for every ASMX pages presents in the project.

If you want more control (hiding only some ASMX pages, hiding only “?WSDL” but not regular documentation, modifying HTML documentation, …) you might want to consult this article.

1 comment:

Anonymous said...

http://labs.live.com/
Nice blog you might want to have your eyes on ;)