Web Service, restricting access?

Using VS2005 Professional Edition I just created a basic Web Service on Windows Server 2003 and added a web method placed it on my LIVE server...

I then created a new website project and added a reference to the Web Service on the LIVE service (www.domain.com/servicename.asmx)

In my website project I can now access the functions in the Web Service and all works great.


...

 
But, here is my problem, it was almost too easy, surely anyone could do the same, if they managed to find out the name of the .asmx file on the LIVE server, then they would have access to my web service and all the functions inside. Ultimately I want to fill this service with database functions.

How can I restrict access to this web service or make it so that only my own .NET websites can reference this service?

Thanks!
blazewadaAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

jjardineCommented:
One way to make it a little more difficult for someone to add a reference is to follow the steps on this site:  http://www.15seconds.com/issue/040609.htm     IT shows how to modify the web config to not server that data up.   Keep in mind there is a typo in there sample    The paret that says  <removename="..."/>   should be   <remove name="..."/>   it is missing the space.

For better security, implementing some form of authentication would be a really good idea as well.  If possible, using certificates to prove your application identity that would be probably the best.  Even implementing user name and password is a start.   keep in mind that even if you block access, if you don't use https  it is still unencrypted data across the network that can be sniffed.  You may want to look into ws-security   or some other enchanced security for web services.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
.NET Programming

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.