How do I secure ASP.NET web service to only allow relative path calling?

Question

I have ASMX services for my web application that I would only like available to the same application.

Is there a way for the web service to only be accessible by the sam

Answer 1

Two ways to do this:

• Have the web services hosted on a different box. The main web box is on a publicly accessible IP (ie. in the DMZ), while the web service box is only accessible to the internal network.
• You might be able to do this with sufficient networking gymnastics. For example, host the web services on the same box but a different IP, and have the firewall block any outside calls to that IP.

Answer 2

The easiest route would be to just not use a web service. If you're calling from the same application, you can probably just pull your logic into a separate class, and call it directly in your code, not via web service.

Answer 3

Web services can be called by all sorts of code, not just code that's part of a web site. So, in general, there is no "calling URL".