Over the last few day I've been learning a lot about web services in a production environment and inter operating with a platform other than .NET. There is so much to learn its not even funny. The refreshing thing is even with the headaches and frustration of the process I'm glad I went through it and learned something that will stick with me.
Writing the web service or getting it to work was not a big issue. The big issue is having third parties access the service and getting it work behind the firewall with SSL. When the third parties would reference the web service they were using https://www.company.com/webservice.asmx?WSDL to generate the proxy classes on their platform. That would work for most situations except everything inside of the firewall is regular http traffic. This causes the auto generation of the WSDL file to return the location as http://www.company.com/webservice.asmx and not https as I was expecting because the actual connection to the service was over http.
My first thought was to somehow override, or at least tap into, the functionality of auto generating the WSDL file so I could write out the correct URL for the web service. In my research I stumbled upon a discussion where a guy was wanting to do the same thing. Ahh, could this be the answer I was looking for? We'll, the discussion linked to an article on MSDN about Customizing the Generation of Service Descriptions and Proxy Classes and the guy was nice enough to post a follow up with his bullet points. That's great in a normal situation and I really appreciated the effort on his part. < rant >Too many people don't follow up when they fix their issue or just post "I fixed it" but don't say how they fixed it. < /rant > Anyway, this is some pretty in depth stuff that I was ready and willing to tackle it late last night. That is until I realized that I needed something faster that what I was going to get by reading to understand how it works, code it, test it, etc..
I remembered reading somewhere about securing web services and turning off the auto generation of the WSDL files and submitting them to your customers/clients individually. But if they have the WSDL file local how is that going to help them access the web service? DING! DING! DING! In the static WSDL file you set the location URL to whatever you need it to be...https://www.company.com/webservice.asmx. When they reference the static WSDL file it tells them the real location of the web service. Sounds way to easy I know but it that's it.
Set the address location
<soap:address location="https://www.company.com/webservice.asmx"></soap:address>
By default, Web services publicly expose WSDL, which makes it available to anyone who can connect to the Web server over the Internet. It my case it worked but didn't deliver the expected result. To disable the Documentation protocol, comment it out in Machine.config.
<webServices>
<protocols>
<add name="HttpSoap"/>
<!-- <add name="Documentation"/> -->
</protocols>
</webServices>