I created an ASP.NET WebService to use with ASP.NET Ajax. The WebService is in the same field and the same web application that should be used, so I do not want to allow remote access to this web service, but it only responds to requests from localhost.
There is no configuration section in Web.Config, and before that there is no httpPost and httpGet. It works perfectly. However, if I go directly to the WebService URL from a remote machine, it still loads and shows me a list of methods. By clicking on this method, I get a message that the test form is not available for remote computers (as intended), but it lists information on how to issue a SOAP request and process the SOAP reaction.
In addition, I believe that the bot of some curious user is cleaning me up, because now I get an error message in my log, for example ...
System.InvalidOperationException: Request format is unrecognized for URL unexpectedly ending in '/ValidateUsername'.
This happens if you try to execute a GET request (by manipulating the query string) remotely. I am glad that it does not process the request, because I do not want remote users to access this service, but I would prefer it to not give an error.
How to block a web service so that it is not accessible to a remote computer, but still accessible to a local computer like ScriptService using ASP.NET Ajax?
UPDATE: Well, here is an example of what is happening.
WebSite: http://so.weirdwes.dyndns.org/default.aspx
WebService: http://so.weirdwes.dyndns.org/services/services.asmx
Web.Config:
<webServices>
  <protocols>
    <remove name="HttpGet"/>
    <remove name="HttpPost"/>
  </protocols>
</webServices>
The website uses the WebService with the ScriptManager and ScriptReference tag. You will notice that if you click the button, the web service is called and everything works, even if Post and Get have been deleted. This is great, because we want it to work. The problem is that .... http://so.weirdwes.dyndns.org/services/services.asmx/GetRemoteAddr
Server Error in '/' Application.
--------------------------------------------------------------------------------
Request format is unrecognized for URL unexpectedly ending in '/GetRemoteAddr'.
A bot or something is scraping this URL and it generates errors that we are notified of. I want to suppress this error or completely block it. If I change Web.Config and add the Get and Post protocols again, this error will disappear, but then it will remove access to the web service remotely using Get, which we do not want.
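One way to stop the "Request format is unrecognized" errors and hide the method list from remote visitors, as an added example that is not part of the original post: an HTTP module that answers 404 for any remote .asmx request that is not an ASP.NET Ajax call. The names AsmxScriptOnlyModule and IsScriptServiceRequest are hypothetical, and the check assumes the framework defaults, where script-service calls are POSTs with Content-Type application/json and the generated proxy is fetched from /js or /jsdebug.

```csharp
using System;
using System.Web;

// Added example (hypothetical names). Register under <system.web><httpModules>,
// or <system.webServer><modules> for the IIS 7+ integrated pipeline.
public sealed class AsmxScriptOnlyModule : IHttpModule
{
    public void Init(HttpApplication app)
    {
        app.BeginRequest += OnBeginRequest;
    }

    public void Dispose() { }

    private static void OnBeginRequest(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;
        HttpRequest req = ctx.Request;

        // FilePath excludes the trailing "/MethodName"; that part is in PathInfo.
        if (!req.FilePath.EndsWith(".asmx", StringComparison.OrdinalIgnoreCase))
            return;
        // Keep the help and test pages usable from the server itself.
        if (req.IsLocal)
            return;
        if (IsScriptServiceRequest(req.HttpMethod, req.PathInfo, req.ContentType))
            return;

        // Help page, SOAP, and plain GET/POST probes: answer 404 here so the
        // .asmx handler never runs and never throws InvalidOperationException.
        ctx.Response.StatusCode = 404;
        ctx.Response.SuppressContent = true;
        ctx.ApplicationInstance.CompleteRequest();
    }

    // Assumption: only the ASP.NET Ajax client uses this service remotely.
    internal static bool IsScriptServiceRequest(string method, string pathInfo, string contentType)
    {
        if (string.IsNullOrEmpty(pathInfo))
            return false; // bare services.asmx is the documentation page
        bool isProxy = string.Equals(pathInfo, "/js", StringComparison.OrdinalIgnoreCase)
                    || string.Equals(pathInfo, "/jsdebug", StringComparison.OrdinalIgnoreCase);
        if (method == "GET" && isProxy)
            return true; // client proxy script requested by the ScriptManager
        return method == "POST" && contentType != null
            && contentType.StartsWith("application/json", StringComparison.OrdinalIgnoreCase);
    }
}
```

The Ajax calls are sent by the visitor's browser, so they do not arrive from localhost and a pure localhost restriction would block them too. This filter only narrows what the endpoint answers and removes the error noise; any method that must be restricted to certain users still needs its own authentication or authorization check.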