Proxy Considerations

Previous page
Table of content
Next page

If you use WSDL to automatically generate a proxy class to communicate with a Web service, you should verify the generated code and service endpoints to ensure that you communicate with the desired Web service and not a spoofed service. If the WSDL files on a remote server are inadequately secured, it is possible for a malicious user to tamper with the files and change endpoint addresses, which can impact the proxy code that you generate.

Specifically, examine the <soap:address> element in the .wsdl file and verify that it points to the expected location. If you use Visual Studio .NET to add a Web reference by using the Add Web Reference dialog box, scroll down and check the service endpoints.

Finally, whether you use Visual Studio.NET to add a Web reference or manually generate the proxy code using Wsdl.exe, closely inspect the proxy code and look for any suspicious code.

Note  

You can set the URL Behavior property of the Web service proxy to Dynamic , which allows you to specify endpoint addresses in Web.config.



Previous page
Table of content
Next page
Improving Web Application Security. Threats and Countermeasures
Improving Web Application Security: Threats and Countermeasures
ISBN: 0735618429
EAN: 2147483647
Year: 2003
Pages: 613
Authors: Microsoft Corporation
BUY ON AMAZON
Java I/O
Java for RPG Programmers, 2nd Edition
Visual C# 2005 How to Program (2nd Edition)
Lean Six Sigma for Service : How to Use Lean Speed and Six Sigma Quality to Improve Services and Transactions
Quantitative Methods in Project Management
FileMaker 8 Functions and Scripts Desk Reference
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy