How do I secure ASP.NET web service to only allow relative path calling?
I have ASMX services for my web application that I would开发者_如何学C only like available to the same application.
Is there a way for the web service to only be accessible by the same application, such as relative/absolute path restrictions?
The easiest route would be to just not use a web service. If you're calling from the same application, you can probably just pull your logic into a separate class, and call it directly in your code, not via web service.
Two ways to do this:
- Have the web services hosted on a different box. The main web box is on a publicly accessible IP (ie. in the DMZ), while the web service box is only accessible to the internal network.
- You might be able to do this with sufficient networking gymnastics. For example, host the web services on the same box but a different IP, and have the firewall block any outside calls to that IP.
Web services can be called by all sorts of code, not just code that's part of a web site. So, in general, there is no "calling URL".
精彩评论