I have a site in development with several web services (ASMX) that post important

Question

0

Asked: May 13, 20262026-05-13T11:38:57+00:00 2026-05-13T11:38:57+00:00

I have a site in development with several web services (ASMX) that post important

0

I have a site in development with several web services (ASMX) that post important data to my database. When I navigate to the ASMX file in my browser, I can fill in the form with the parameters and post to the DB. If someone finds the URL to my WS, they can severely alter my database. I want to prevent people from being able to post to my WS publicly. So far, I’ve thought of two things that may help but I’d like to know if there are any other ways:

Check to see if the HTTP Referrer to the WS method is the domain the WS is on
Add an additional parameter called Key to all important WS methods and have this be an encrypted “password.” Then encrypt my stored password on the WS side and compare if the keys match.

If there are any other best practices or techniques I can use to secure my WS, please share!

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-13T11:38:58+00:00

Editorial Team

2026-05-13T11:38:58+00:00Added an answer on May 13, 2026 at 11:38 am

The easiest thing to do is to just disable that test page. You can do this by adding the following to your web.config of your web service:

<webServices>
<protocols >
<remove name="HttpGet"/>
<remove name="HttpPost"/>
<remove name="HttpPostLocalhost"/>
</protocols>

Also, here is a decent article on other ways to secure your web service, including adding authentication in the soap header.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I have a site in development with several web services (ASMX) that post important

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply