"The test form is only available for requests from the local machine."

B

5

67

I created a Web Service in .Net and so the address of the service file has a nifty auto generated explanation about how it works. When I run the page from the machine it's hosted on it even has a form that I can use to submit test values to the service. However on remote machines it hides the form and gives the message as seen above.

Is there a point to this? I've seen other sites call this "more secure" but anyone could create their own forms easily making this nothing more than a nuisance if you ask me.

Bunny answered 22/6, 2009 at 16:0 Comment(2)

Did you have a question? You may also want to say what .NET version you're using, or whether you're using ASMX services or WCF. – Ventriloquy 22/6, 2009 at 16:2

How can I call the webService? I need to execute the event when anychange happens on the ServerSide. Should I put the program in the Server HOST? – Prissie 4/10, 2011 at 17:30

H

5

If you are publishing metadata and it's a public/unsecured web service, you are right, it would be easy enough for anyone to generate a simple client to hammer away at your web service. In that case, having the web client only generated on the local machine does seem like a nuisance.

If your service is private and secured, however, it would be a huge security hole, giving anyone with the name of the server and service an authenticated client to use to potentially access your data and do all kinds of harm.

I imagine the policy of generating the UI for ASMX Web services only on the server itself was an attempt to provide some nice tooling while eliminating accidental security holes. WCF has done away with this in any case, you can generate clients only if the metadata is published, and they need to implement the correct security in order to access the services.

Herstein answered 22/6, 2009 at 16:16 Comment(2)

The answer below (the one with 120+ upvotes) tells you how to get it working - good luck! – Herstein 19/1, 2017 at 21:48

I asked this question: #41752713. Can you please help? – Schaffer 19/1, 2017 at 21:50

B

178

You can work around this issue by modifying your web.config to include these nodes:

<configuration>
    <system.web>
     <webServices>
        <protocols>
            <add name="HttpGet"/>
            <add name="HttpPost"/>
        </protocols>
    </webServices>
    </system.web>
</configuration>

This will allow you to visit the .asmx web service via your browser. You can then invoke the web services right in your browser, pass arguments, and view the results.

Bandog answered 31/7, 2009 at 15:46 Comment(5)

+1 because my app is in a secure environment and for QA this is totally needed. Thanks. – Homothermal 12/3, 2010 at 18:36

Helps me too, but have another issue, as it redirects me to page with port specified. How can I remove port from address string. – Sleight 14/11, 2012 at 13:22

I know it's been years, but this was bugging me. Luckily with transforms we can add this to Dev and UAT publishes, and yet keep it out of Live, even if realistically it's still a nuisance to get at it.. – Chabazite 26/7, 2016 at 14:30

What is the security concern with this method? Anyone can access it or can I enable authentication before allowing to expose the service? – Schaffer 19/1, 2017 at 21:1

This should be the accepted answer along with the information in the currently accepted answer. – Cooperation 13/9, 2018 at 10:55

O

15

Just FYI I'm using .NET 4.0 and had this same problem.

However I used...

<add name="HttpSoap12"/>
<add name="HttpSoap"/>
<add name="HttpGet"/>
<add name="HttpPost"/>

In those same areas and it worked. But with just HttpGet and HttpPost it did not.

Omphalos answered 24/4, 2011 at 4:47 Comment(0)

G

7

enter image description here

HTTP GET and HTTP POST Are Disabled by Default

Glucinum answered 2/6, 2015 at 22:34 Comment(0)

H

5

If you are publishing metadata and it's a public/unsecured web service, you are right, it would be easy enough for anyone to generate a simple client to hammer away at your web service. In that case, having the web client only generated on the local machine does seem like a nuisance.

If your service is private and secured, however, it would be a huge security hole, giving anyone with the name of the server and service an authenticated client to use to potentially access your data and do all kinds of harm.

I imagine the policy of generating the UI for ASMX Web services only on the server itself was an attempt to provide some nice tooling while eliminating accidental security holes. WCF has done away with this in any case, you can generate clients only if the metadata is published, and they need to implement the correct security in order to access the services.

Herstein answered 22/6, 2009 at 16:16 Comment(2)

The answer below (the one with 120+ upvotes) tells you how to get it working - good luck! – Herstein 19/1, 2017 at 21:48

I asked this question: #41752713. Can you please help? – Schaffer 19/1, 2017 at 21:50

N

0

I had the same problem, add this to web.config

</system.web>
<webServices>
  <protocols>
    <add name="HttpSoap12"/>
    <add name="HttpSoap"/>
    <add name="HttpGet"/>
    <add name="HttpPost"/>       
  </protocols>
</webServices>
</system.web>

Necklace answered 17/2 at 10:33 Comment(0)

Recommended topics

Hot tags