Article ID: 815150 - View products that this article applies to.
This step-by-step article describes how to limit the protocols that a Web service supports.
XML–based Web services exchange XML documents to communicate. This exchange can occur across any type of application-layer protocol. By default, ASP.NET Web services are exposed through four different protocols: HttpSoap, HttpPost, HttpGet, and Documentation. In many cases, only a subset of these four protocols is required. For example, Web services typically use only the HttpSoap protocol for communications. In these circumstances, if you remove the unused protocols, you increase the security of the application by decreasing the attack surface. This article describes how to disable Web services protocols that are used to communicate with an ASP.NET application.
For more information, visit the following Microsoft Web sites:
http://msdn2.microsoft.com/en-us/library/ackhksh7(vs.71).aspxFor additional information, click the following article numbers to view the articles in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/815179/EN-US/ )HOW TO: Create the Web.config File for an ASP.NET Application
(http://support.microsoft.com/kb/815178/EN-US/ )HOW TO: Edit the Configuration of an ASP.NET Application
(http://support.microsoft.com/kb/818014/ )HOW TO: Secure Applications That Are Built on the .NET Framework
Article ID: 815150 - Last Review: May 13, 2007 - Revision: 3.5