"The test form is only available for queries from the local machine."

Question

"The test form is only available for queries from the local machine."

I created a web service in .NET, so the address of the service file contains a great auto-generated explanation of how it works. When I start a page from the machine on which it is located, it even has a form that I can use to send test values to the service. However, on remote machines, it hides the form and gives a message, as shown above.

Does that make sense? I have seen other sites call it “more secure,” but everyone can create their own forms, easily making this nothing more than a nuisance if you ask me.

+47

security .net web-services

Spencer Ruport Jun 22 '09 at 16:00

source share

4 answers

You can work around this problem by modifying your web.config to enable these nodes:

 <configuration> <system.web> <webServices> <protocols> <add name="HttpGet"/> <add name="HttpPost"/> </protocols> </webServices> </system.web> </configuration>

This will allow you to visit the .asmx web service through your browser. Then you can call web services directly in your browser, pass arguments and view the results.

+133

p.campbell Jul 31 '09 at 15:46

source share

Just FYI I am using .NET 4.0 and have the same problem.

However, I used ...

 <add name="HttpSoap12"/> <add name="HttpSoap"/> <add name="HttpGet"/> <add name="HttpPost"/>

In the same areas, and it worked. But only with HttpGet and HttpPost this did not happen.

+13

Mike Martin Apr 24 2018-11-11T00:

source share

enter image description here

HTTP GET and HTTP POST are disabled by default

+4

Mina Gabriel Jun 02 '15 at 22:34

source share

Guy Starbuck · Accepted Answer · 2009-06-22 16:16

If you publish metadata, and this is a public / insecure web service, you are right, it would be easy for someone to create a simple client to work out your web service. In this case, having a web client created only on the local machine seems unpleasant.

If your service is private and secure, however, it will be a huge security hole providing someone with a server name and servicing an authenticated client to potentially access your data and do all kinds of harm.

I believe that the user interface creation policy for ASMX web services only on the server itself was an attempt to provide some useful tools by eliminating accidental security holes. WCF does away with this anyway, you can only create clients if metadata is published and they need to implement the right protection to access the services.

"The test form is only available for queries from the local machine."

More articles: