Block access to WebService.asmx in asp.net

Question

I have built a simple asp.net web application running asynchronously, using WebService.asmx file to access the database. I need to secure the file so clients won't be able to access it, but only the javascript code through an http request. (the file is located on domain.com/WebService.asmx).

I read that people suggest using a user authentication system yet this is not applicable (because it can be easily manipulated).

My final goal is to block the access to the WebService.asmx file from anywhere but the javascript file.

I'm using visual studio 2013 but the app will run on a Windows Server 2012.


Show source
| javascript   | security   | c#   | asp.net   | web-services   2017-01-07 10:01 1 Answers

Answers ( 1 )

  1. 2017-01-07 11:01

    In short, you can't.

    Javascript runs on the client, in the browser.
    Calling a asmx webservice through Javascript is no different visiting the URL in your browser (or any other client - Postman / Fiddler for example)
    The server won't know any different.

    Secure it appropriately.

◀ Go back