0

Is there any method to identify and avoid request to my WCF Service from any tools like fiddler or SOAP UI.

Santosh
  • 2,355
  • 10
  • 41
  • 64
  • 1
    Duplicate of [Require credentials for some methods only in WCF web service](http://stackoverflow.com/questions/5700495/require-credentials-for-some-methods-only-in-wcf-web-service). – CodeCaster Nov 13 '13 at 10:35

1 Answers1

1

You can't, as Fiddler and SOAP UI can be used to craft arbitrary HTTP messages that look exactly like one a browser can send.

Please explain your actual problem. You might be looking for authentication.

CodeCaster
  • 147,647
  • 23
  • 218
  • 272
  • I have a WCF REST Service(for ex:http://localhost/RESTSERVICEdemo/Service1.svc/GetProductList/).When running from any browser it works fine and gives desired result.Now my problem is my service has few payment pages and i want to make sure that this pages are not hit through fiddler or any such tools.how i can prevent.Thanks in advance – Santosh Nov 13 '13 at 10:35
  • In that case see the duplicate question I just linked. – CodeCaster Nov 13 '13 at 10:36
  • is there a way i can use any thing from request header(Origin/User-Agent/Host) and check whether the request is coming from browser or fiddler? – Santosh Nov 13 '13 at 10:55
  • 2
    Like I said, you cannot rely on that because any malicious user can create any HTTP request they want with any tool they want. You want to use authentication, to see _which user_ is calling your service, not _which program_. – CodeCaster Nov 13 '13 at 11:00
  • thanks...would be helpful much if you can provide any such examples(basic) apart from the mentioned link – Santosh Nov 13 '13 at 11:50
  • It's a bit of a broad subject, but you could try starting at [WCF Security - Authentication](http://msdn.microsoft.com/en-us/library/ms733082(v=vs.110).aspx) and [Conceptual overview of WCF security model?](http://stackoverflow.com/questions/450089/) for example. You can apply basic or forms authentication, or [reinvent the wheel](http://stackoverflow.com/questions/141484/), or see [WCF REST 4.0 Authorization with Form Based Authentication (SetAuthCookie)](http://www.codeproject.com/Articles/304877/WCF-REST-4-0-Authorization-with-Form-Based-Authent). – CodeCaster Nov 13 '13 at 12:02