Wednesday, August 25, 2010

Silverlight communication with WCF service, Disable the .svc web browser Access

For the latest Silverlight 4.0. the WCF client runtime supports two Message Encodings, the  mtomMessageEncoding encoding is not available yet.

  • BinaryMessageEncoding
  • TextMessageEncoding

So from the client side (browser side) prospective, the Siliverlight APP communicate with the WCF service(.svc) either using the Soap/Text Format or Soap/Binary Format. typically, you can tell this from the Content-Type Header.

  • application/soap+msbin1
  • application/soap+xml;
image

here is the binaryencoding.

image

If you browse the .svc url directly. you may be able to see the wsdl ( if you enabled the servermetadata httpget already)
image
always, you don’t want end user to view this information directly.  hope the user will get a customer error or even 404 error. How to do that?

Write a simple Http Module and deploy it to the web server that host SVC service, And Deny those request, only support the soap+xml or soap+msbin protocal. 
image

then when user try to access the .svc directly, will get 404 error as we expect.

 image

Posted by Ryan at 9:06 PM
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)
 
Locations of visitors to this page