I have a .NET web service which is publically accessible since it needs to be accessible via Flex. It currently only has read operations.
I want to add some admin only web methods to the same webservice such as UpdateWeather and StartRainstorm. Obviously I don’t want my end user being able to do change weather patterns.
So I just want to hide the wsdl so that it cannot be accessed via the standard ?wsdl parameter. Ultimately I’ll add on better security etc. but I need a quick fix for now. I figure if they don’t know the method name they won’t be able to access it.
I want to be able to disable the WSDL generation – which I can do by adding <add name='Documentation' /> to my web.config. BUT I want to be able to access the WSDL in some other ‘secret’ way that only I know so I dont have to keep going to the server. How could I achieve this. I’m fine if its a secret URL or a secret parameter or whatever.
I’m fine with this security through obfuscation approach for now.
One thing you could do is expose another endpoint for the admin contract. Then turn off the WSDL publisher on that admin endpoint. Eventually you could configure security just on the administrative endpoint if you wanted.
This is assuming you are using WCF.
Update: Check out this WCF getting started tutorial. You’ll like WCF more than ASP.NET/ASMX services once you learn a bit about it.