How to Hide the WSDL File or Webservice

This article shows how to hide your web service, but before that I will tell you what the problem behind it is.


Introduction

This article shows how to hide your web service, but before that I will tell you what the problem behind it is.

Use the following procedure to understand this in detail.

Step 1: Create a web application and add a web service with some code to it.

Create a web application named "WebApplication1" as in the following:



Create a Web Service named "Web Service 1" in the web application.



Step 2: Write a web method in the service and run it.

Write a web method in the service that accepts 2 int values as input parameters and after addition of both values, return a string value that contains the addition.

[WebMethod]
       
public string Addition(int value1, int value2)

        {

            int result = value1 + value2;

            return "Addition= "+ result.ToString();

        }



Run the web service and note the URL of the service.



Step 3: Create a Console application and add a reference of the web service in it.

Add a new project by right-clicking on the solution file then select "Add" -> "New Project..." as in the following:



Note: You can also create a new project in a new Solution file.

Create a console application named "ConsoleApplication1" as in the following:



Now you have 2 two projects in your solution file.



Now add the reference of the web service to the console application. To do that, right-click on the console application and then seelct "Add Service Reference..." as in the following:



Click on the "Advanced..." button.



Click on the "Add Web Reference..." button.



Provide the URL of the web service that you have noted previously after running the web service and click on the arrow ("->") button.



You can see both web methods of your web service. Before adding the reference, you can change the web reference name as you prefer or need to; here I used "MyService". Now click on "Add Reference".



Step 4: Write some code in the console application for calling the web method of the web service and run it to see the output.

Write the code

Create an object of your service that will be accessed by the web reference name. The web service name is like here:

‘MyService.WebService1’.MyService.WebService1 obj = new MyService.WebService1();

Read the 2 int values from the user with the following:

int value1 = Convert.ToInt32(Console.ReadLine());
int
value2 = Convert.ToInt32(Console.ReadLine());

Call the web method with 2 input parameters obtained from the user by the object of web service and save it into a string variable named "result" as in the following:

string
result = obj.Addition(value1, value2);

Print the result:

Console
.WriteLine(result);



Set the console application project as the Startup project by right-clicking as in the following:



Run the application and provide the 2 integer values, one by one as in the following:

Type "1" and press Enter
Type "2" and press Enter

See the results.



Problem: After running the web service click on "Addition" web method that shows 2 TextBox boxes, you can invoke the web method after passing 2 int values in it.



It will show the result.



The main problem will occur when you execute the query in your web service.

Suppose you have a web service that contains some web methods for performing some action in the database, like insert, update and delete, that accepts some input parameters.

And you are accessing those web methods in another application after referencing the web service.

In the preceding scenario anyone can change your database, if he knows the "URL" of your web service like in the web service example I passed 2 int values by the textboxes that are automatically created after the web method selection.

Solution: You can fix it in many ways, ihncluding:

Windows Authentication: By retracting it with a specific User ID and password.

Forms Authentication: By the token generation on every request.

But these ways are used when you change the code of your web service frequently. If you don’t change the code then you can do minor changes in your "web.config" to provide the restriction.

Note: You need to add/update the service reference on the client side before using either solutions, then you can’t add/update the service reference.

Solution 1: Write some code in your " web.config" file in the <system.web> section.

<
system.web>
    <
webServices>
        <
protocols>
            <
remove name="Documentation" />
        </
protocols>
    </
webServices>      
</
system.web>

This code will not generate the documentation of the web service and if you again run the web service then it will provide the exception. It also disables WSDL file generation for any Web Services within the web application.

Now if you run your web service then that will show the error as in the following:



To get rid of this use the "custom error " tag in the <system.web> section of " web.config" that redirects it to the custom error page as in the following:

<customErrors mode="On" defaultRedirect="error.aspx"></customErrors>



Solution 2: You can add a <wsdlHelpGenerator> element to the "Web.config" file for the web application and set the href attribute to a cutom error page you have created.

In the <system.web> section:

<webServices>

     <wsdlHelpGenerator href="error.aspx"/>

     </webServices>


Run the web service.