I understand how to set security for a ASP.NET web page, how to encrypt a Silverlight page, and a WCF application, but my question goes to this: given a web method, which by definition must be public, how do you keep people from accessing it outside
of your client program?
If your program (client) is the only way to access this web method, then there's no problem. But it is impossible to make a web method private--it won't compile--so how to keep people from using it? The only thing I can think of is that if you call
your web method by an obscure sounding name, it's likely nobody will guess the URL, and if you set your server so it cannot be searched (dir *.*) by the public, it's unlikely anybody will ever guess the name of the web method. But this is hardly 100%
secure. And what if you call your web method "DoWork", which is the default OperationContract name in Visual Studio?
What am I missing?
//what I have in mind
public interface IService1
public string DoWork()
//secret stuff in here
string SecretStuff = "S
View Complete Post