My Goal is to disable all the built in sharepoint webservices and disable the default webservices page.
1) I made all the changes in the documents to machine.config (even though it is for the whole machine) -nothing happens. 2) There is no <webservices> node in the web.config for the web app,so I created one at the end just above the </configuration> node.It brought down the whole site along with .asmx pages.
> Which .asmx pages under _vti_bin can be secured (using windows > authentication) on a public facing site without breaking the site.Any > recommendation ?
> Thanks
> "Mars" wrote:
> > Hi -
> > 1) What's the security best practice for sharepoint web services (under > > _vti_bin)...specially for public sites?
As for the <webServices> configuration node, they are not at the top level (under <configuration> element) but under the <system.web> config section. So you need to add the <webServices> node with the following node hierarchy:
Delighting our customers is our #1 priority. We welcome your comments and suggestions about how we can improve the support we provide to you. Please feel free to let my manager know what you think of the level of service provided. You can send feedback directly to my manager at: msd...@microsoft.com.
My Goal is to disable all the built in sharepoint webservices and disable the default webservices page.
1) I made all the changes in the documents to machine.config (even though it is for the whole machine) -nothing happens. 2) There is no <webservices> node in the web.config for the web app,so I created one at the end just above the </configuration> node.It brought down the whole site along with .asmx pages.
> Which .asmx pages under _vti_bin can be secured (using windows > authentication) on a public facing site without breaking the site.Any > recommendation ?
> Thanks
> "Mars" wrote:
> > Hi -
> > 1) What's the security best practice for sharepoint web services (under > > _vti_bin)...specially for public sites?
Hi Steven.Thanks for the answers,things working out.
When I disable WSDL generation it shows and error when you try to browse any .asmx file , which is expected.I want to redirect users to page saying "You are not allowed".THere is a MS document on this,it says i need to place the desired page under the docs directory beneth the root of the web application.I dont have a doc directory under any web applications root directory.Can you explain the steps or give me an alternative please.Thanks in advance.
> As for the <webServices> configuration node, they are not at the top level > (under <configuration> element) but under the <system.web> config section. > So you need to add the <webServices> node with the following node hierarchy:
> Delighting our customers is our #1 priority. We welcome your comments and > suggestions about how we can improve the support we provide to you. Please > feel free to let my manager know what you think of the level of service > provided. You can send feedback directly to my manager at: > msd...@microsoft.com.
> My Goal is to disable all the built in sharepoint webservices and disable > the default webservices page.
> 1) I made all the changes in the documents to machine.config (even though > it > is for the whole machine) -nothing happens. > 2) There is no <webservices> node in the web.config for the web app,so I > created one at the end just above the </configuration> node.It brought down > the whole site along with .asmx pages.
> Any suggestions?
> Thanks in advance.
> "Mars" wrote:
> > also wanted to add...
> > Which .asmx pages under _vti_bin can be secured (using windows > > authentication) on a public facing site without breaking the site.Any > > recommendation ?
> > Thanks
> > "Mars" wrote:
> > > Hi -
> > > 1) What's the security best practice for sharepoint web services (under > > > _vti_bin)...specially for public sites?
Hi Steven- Is it possible to keep the webservices enabled and allow a outside partner to use selected webservices (say,search.asmx and lists.asmx) and lock down the others?
> As for the <webServices> configuration node, they are not at the top level > (under <configuration> element) but under the <system.web> config section. > So you need to add the <webServices> node with the following node hierarchy:
> Delighting our customers is our #1 priority. We welcome your comments and > suggestions about how we can improve the support we provide to you. Please > feel free to let my manager know what you think of the level of service > provided. You can send feedback directly to my manager at: > msd...@microsoft.com.
> My Goal is to disable all the built in sharepoint webservices and disable > the default webservices page.
> 1) I made all the changes in the documents to machine.config (even though > it > is for the whole machine) -nothing happens. > 2) There is no <webservices> node in the web.config for the web app,so I > created one at the end just above the </configuration> node.It brought down > the whole site along with .asmx pages.
> Any suggestions?
> Thanks in advance.
> "Mars" wrote:
> > also wanted to add...
> > Which .asmx pages under _vti_bin can be secured (using windows > > authentication) on a public facing site without breaking the site.Any > > recommendation ?
> > Thanks
> > "Mars" wrote:
> > > Hi -
> > > 1) What's the security best practice for sharepoint web services (under > > > _vti_bin)...specially for public sites?
As for the requirement you provided, it sounds like add authorization for the web service. Based on my experience, the IIS or ASP.NET system provide some URL or role based authorizaiton, you can have a look to see whether that can help protect your asmx endpoint:
Delighting our customers is our #1 priority. We welcome your comments and suggestions about how we can improve the support we provide to you. Please feel free to let my manager know what you think of the level of service provided. You can send feedback directly to my manager at: msd...@microsoft.com.
Hi Steven- Is it possible to keep the webservices enabled and allow a outside partner to use selected webservices (say,search.asmx and lists.asmx) and lock down the others?
> As for the <webServices> configuration node, they are not at the top level > (under <configuration> element) but under the <system.web> config section. > So you need to add the <webServices> node with the following node hierarchy:
> Delighting our customers is our #1 priority. We welcome your comments and > suggestions about how we can improve the support we provide to you. Please > feel free to let my manager know what you think of the level of service > provided. You can send feedback directly to my manager at: > msd...@microsoft.com.
Hi Steven. The documents are focused on _vti_bin and the site itself.The site that i'm working on is a public site, so the site has to stay anonymous access enabled.If i block _vti_bin folder the site breaks..so that has to stay as it is.I just want the webservices secured.
If i secure the asmx endpoints with windows authentication but httppost and httpget protocols are still enabled,is my webservice secured?
*In other words, how may endpoints are there that I have to block to protect the web services (othar than asmx pages)?
*How do I block all the endpoints (from IIS , web.config, or others) for all webservices and give a user access to the one they actually need access to.?
> As for the requirement you provided, it sounds like add authorization for > the web service. Based on my experience, the IIS or ASP.NET system provide > some URL or role based authorizaiton, you can have a look to see whether > that can help protect your asmx endpoint:
> Delighting our customers is our #1 priority. We welcome your comments and > suggestions about how we can improve the support we provide to you. Please > feel free to let my manager know what you think of the level of service > provided. You can send feedback directly to my manager at: > msd...@microsoft.com.
> Hi Steven- Is it possible to keep the webservices enabled and allow a > outside > partner to use selected webservices (say,search.asmx and lists.asmx) and > lock > down the others?
> Thanks in advance.
> ""Steven Cheng"" wrote:
> > Hi Mars,
> > As for the <webServices> configuration node, they are not at the top > level > > (under <configuration> element) but under the <system.web> config > section. > > So you need to add the <webServices> node with the following node > hierarchy:
> > Delighting our customers is our #1 priority. We welcome your comments and > > suggestions about how we can improve the support we provide to you. > Please > > feel free to let my manager know what you think of the level of service > > provided. You can send feedback directly to my manager at: > > msd...@microsoft.com.
How many set of the webservice functions will you need in your application? If the secured part (which need access control) is only small part of them, you can consider manually build a custom webservice(using sharepoint object model) and put them under _layouts application folder. And then you can apply own access control over your custom asmx webservice.
Hi Steven. The documents are focused on _vti_bin and the site itself.The site that i'm working on is a public site, so the site has to stay anonymous access enabled.If i block _vti_bin folder the site breaks..so that has to stay as it is.I just want the webservices secured.
If i secure the asmx endpoints with windows authentication but httppost and httpget protocols are still enabled,is my webservice secured?
*In other words, how may endpoints are there that I have to block to protect the web services (othar than asmx pages)?
*How do I block all the endpoints (from IIS , web.config, or others) for all webservices and give a user access to the one they actually need access to.?
Thanks in advance.
""Steven Cheng"" wrote: > Hi Mars,
> As for the requirement you provided, it sounds like add authorization for > the web service. Based on my experience, the IIS or ASP.NET system provide > some URL or role based authorizaiton, you can have a look to see whether > that can help protect your asmx endpoint:
> Delighting our customers is our #1 priority. We welcome your comments and > suggestions about how we can improve the support we provide to you. Please > feel free to let my manager know what you think of the level of service > provided. You can send feedback directly to my manager at: > msd...@microsoft.com.
> Hi Steven- Is it possible to keep the webservices enabled and allow a > outside > partner to use selected webservices (say,search.asmx and lists.asmx) and > lock > down the others?
> Thanks in advance.
> ""Steven Cheng"" wrote:
> > Hi Mars,
> > As for the <webServices> configuration node, they are not at the top > level > > (under <configuration> element) but under the <system.web> config > section. > > So you need to add the <webServices> node with the following node > hierarchy:
> > Delighting our customers is our #1 priority. We welcome your comments and > > suggestions about how we can improve the support we provide to you. > Please > > feel free to let my manager know what you think of the level of service > > provided. You can send feedback directly to my manager at: > > msd...@microsoft.com.
> > ================================================== > > Get notification to my posts through email? Please refer to
|
