.net “测试表单仅适用于来自本地机器的请求。”
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/1028010/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
"The test form is only available for requests from the local machine."
提问by Spencer Ruport
I created a Web Service in .Net and so the address of the service file has a nifty auto generated explanation about how it works. When I run the page from the machine it's hosted on it even has a form that I can use to submit test values to the service. However on remote machines it hides the form and gives the message as seen above.
我在 .Net 中创建了一个 Web 服务,因此服务文件的地址有一个关于它如何工作的漂亮的自动生成的解释。当我从它托管的机器上运行页面时,它甚至有一个表单,我可以使用它向服务提交测试值。然而,在远程机器上,它隐藏了表单并给出了如上所示的消息。
Is there a point to this? I've seen other sites call this "more secure" but anyone could create their own forms easily making this nothing more than a nuisance if you ask me.
这有什么道理吗?我见过其他网站称之为“更安全”,但如果你问我,任何人都可以轻松创建自己的表单,这只不过是一种麻烦。
采纳答案by Guy Starbuck
If you are publishing metadata and it's a public/unsecured web service, you are right, it would be easy enough for anyone to generate a simple client to hammer away at your web service. In that case, having the web client only generated on the local machine does seem like a nuisance.
如果您要发布元数据并且它是公共/不安全的 Web 服务,那么您是对的,任何人都可以轻松生成一个简单的客户端来攻击您的 Web 服务。在这种情况下,仅在本地计算机上生成 Web 客户端似乎很麻烦。
If your service is private and secured, however, it would be a huge security hole, giving anyone with the name of the server and service an authenticated client to use to potentially access your data and do all kinds of harm.
但是,如果您的服务是私有且安全的,那么这将是一个巨大的安全漏洞,为任何拥有服务器和服务名称的人提供一个经过身份验证的客户端,用于潜在地访问您的数据并造成各种危害。
I imagine the policy of generating the UI for ASMX Web services only on the server itself was an attempt to provide some nice tooling while eliminating accidental security holes. WCF has done away with this in any case, you can generate clients only if the metadata is published, and they need to implement the correct security in order to access the services.
我认为仅在服务器本身上为 ASMX Web 服务生成 UI 的策略是尝试提供一些不错的工具,同时消除意外的安全漏洞。在任何情况下,WCF 都取消了这一点,只有在发布元数据时您才能生成客户端,并且它们需要实现正确的安全性才能访问服务。
回答by p.campbell
You can work around this issue by modifying your web.configto include these nodes:
您可以通过修改您的web.config以包含以下节点来解决此问题:
<configuration>
<system.web>
<webServices>
<protocols>
<add name="HttpGet"/>
<add name="HttpPost"/>
</protocols>
</webServices>
</system.web>
</configuration>
This will allow you to visit the .asmx web service via your browser. You can then invoke the web services right in your browser, pass arguments, and view the results.
这将允许您通过浏览器访问 .asmx 网络服务。然后,您可以直接在浏览器中调用 Web 服务、传递参数并查看结果。
回答by Mike Martin
Just FYI I'm using .NET 4.0 and had this same problem.
仅供参考,我正在使用 .NET 4.0 并且遇到了同样的问题。
However I used...
不过我用...
<add name="HttpSoap12"/>
<add name="HttpSoap"/>
<add name="HttpGet"/>
<add name="HttpPost"/>
In those same areas and it worked. But with just HttpGetand HttpPostit did not.
在那些相同的领域,它奏效了。但只是HttpGet和HttpPost它没有。
