62

I created a Web Service in .Net and so the address of the service file has a nifty auto generated explanation about how it works. When I run the page from the machine it's hosted on it even has a form that I can use to submit test values to the service. However on remote machines it hides the form and gives the message as seen above.

Is there a point to this? I've seen other sites call this "more secure" but anyone could create their own forms easily making this nothing more than a nuisance if you ask me.

Spencer Ruport
  • 34,575
  • 11
  • 83
  • 145
  • 2
    Did you have a question? You may also want to say what .NET version you're using, or whether you're using ASMX services or WCF. – John Saunders Jun 22 '09 at 16:02
  • How can I call the webService? I need to execute the event when anychange happens on the ServerSide. Should I put the program in the Server HOST? –  Oct 04 '11 at 17:30

4 Answers4

172

You can work around this issue by modifying your web.config to include these nodes:

<configuration>
    <system.web>
     <webServices>
        <protocols>
            <add name="HttpGet"/>
            <add name="HttpPost"/>
        </protocols>
    </webServices>
    </system.web>
</configuration>

This will allow you to visit the .asmx web service via your browser. You can then invoke the web services right in your browser, pass arguments, and view the results.

p.campbell
  • 95,348
  • 63
  • 249
  • 319
  • 10
    +1 because my app is in a secure environment and for QA this is totally needed. Thanks. – bryan Mar 12 '10 at 18:36
  • Helps me too, but have another issue, as it redirects me to page with port specified. How can I remove port from address string. – Johnny_D Nov 14 '12 at 13:22
  • I know it's been years, but this was bugging me. Luckily with transforms we can add this to Dev and UAT publishes, and yet keep it out of Live, even if realistically it's still a nuisance to get at it.. – Fetchez la vache Jul 26 '16 at 14:30
  • 1
    What is the security concern with this method? Anyone can access it or can I enable authentication before allowing to expose the service? – Si8 Jan 19 '17 at 21:01
  • This should be the accepted answer along with the information in the currently accepted answer. – Hoody Sep 13 '18 at 10:55
14

Just FYI I'm using .NET 4.0 and had this same problem.

However I used...

<add name="HttpSoap12"/>
<add name="HttpSoap"/>
<add name="HttpGet"/>
<add name="HttpPost"/>

In those same areas and it worked. But with just HttpGet and HttpPost it did not.

Brian
  • 12,842
  • 7
  • 33
  • 43
Mike Martin
  • 443
  • 5
  • 13
5

enter image description here

HTTP GET and HTTP POST Are Disabled by Default

Mina Gabriel
  • 19,881
  • 24
  • 93
  • 121
4

If you are publishing metadata and it's a public/unsecured web service, you are right, it would be easy enough for anyone to generate a simple client to hammer away at your web service. In that case, having the web client only generated on the local machine does seem like a nuisance.

If your service is private and secured, however, it would be a huge security hole, giving anyone with the name of the server and service an authenticated client to use to potentially access your data and do all kinds of harm.

I imagine the policy of generating the UI for ASMX Web services only on the server itself was an attempt to provide some nice tooling while eliminating accidental security holes. WCF has done away with this in any case, you can generate clients only if the metadata is published, and they need to implement the correct security in order to access the services.

Guy Starbuck
  • 21,125
  • 6
  • 52
  • 63
  • 3
    The answer below (the one with 120+ upvotes) tells you how to get it working - good luck! – Guy Starbuck Jan 19 '17 at 21:48
  • I asked this question: http://stackoverflow.com/questions/41752213/why-is-asmx-giving-an-error-with-pulling-data-from-client-script. Can you please help? – Si8 Jan 19 '17 at 21:50