In my Sencha touch app. i use .net websevice to get data in xml format.
I call it using Ext.Ajaxrequest as bellow
var frmurl ='http://Server/sencha/WS/web.asmx/GetData';
Ext.Ajax.request({
url: frmurl,
method: 'post',
params: {
whereCondition :WhereCond,
ReportName:rptname
},
success: function(Response) {
renderReport(Response.responseText,'1');
}
, failure: function (Response, request)
{
Ext.MessageBox.alert('Error, unable to load data');
} //</failure>
});
Its working fine and giving me correct result but i need to add below tag in web.config to make it working
<webServices>
<protocols>
<add name="HttpGet"/>
<add name="HttpPost"/>
</protocols>
</webServices>
But due to this anyone can invoke webmethods which is major security issue.
if i remove this tags then unable to call webservice and gives internal server error.
Please help me.
thanks
What you’re finding is that you need to enable at least one “protocol” in order for a client system to communicate with your Web Service, so you could enable
HttpSoapif your client device supported SOAP or enableHttpPostLocalhostif your client and server were always on the same machine (which yours won’t be as your clearly building a mobile site).However, what you’ve also discovered is that Web Services by their very definition can be accessible by anyone when they are published, unless you setup some kind of authentication, or restrict access to the Web Service by some other means, like restricting by IP address etc.
You might not know it yet, but this question/answer is similar to yours and should help you come to a fairly standard way of achieving what you’re after.