This project is read-only.

How to Stop Clients from Referencing Your Service

- J.D. Meier, Carlos Farre, Jason Taylor, Prashant Bansode, Steve Gregersen, Madhu Sundararajan, Rob Boucher

If you want block clients from accessing the WSDL of your service you should remove all metadata exchange endpoints and set the httpGetEnabled and httpsGetEnabled attributes to false. If the metadata is exposed, unwanted clients will be able to generate proxy files (e.g. using SvcUtil.exe) and inspect potentially sensitive methods and parameters offered by the service.

To stop your clients from referencing your service, stop your service from publishing its metadata. To do this, remove all the Mex endpoints from your service configuration and configure HttpGetEnabled and HttpsGetEnabled to false in the ServiceBehavior section as shown below:
<serviceMetadata httpGetEnabled="False" httpsGetEnabled="False"/>

Additional Resources

Last edited Jun 13, 2008 at 7:33 PM by prashantbansode, version 1


No comments yet.