Do not expose .NET Remoting endpoints on Internet- facing Web servers. To disable Remoting, disable requests for .rem and .soap extensions by mapping requests for these file extensions to the HttpForbiddenHandler . Use the following elements beneath <httpHandlers> :
<httpHandlers> <add verb="*" path="*.rem" type="System.Web.HttpForbiddenHandler"/> <add verb="*" path="*.soap" type="System.Web.HttpForbiddenHandler"/> . . . </httpHandlers>
Note | This does not prevent a Web application on the Web server from connecting to a downstream object by using the Remoting infrastructure. However, it prevents clients from being able to connect to objects on the Web server. |