“测试表格仅适用于来自本地机器的请求." [英] "The test form is only available for requests from the local machine."

问题描述

我在 .Net 中创建了一个 Web 服务，因此服务文件的地址有一个关于它如何工作的漂亮的自动生成的解释.当我从它托管的机器上运行页面时，它甚至有一个表单，我可以使用它向服务提交测试值.然而，在远程机器上，它会隐藏表单并提供如上所示的消息.

I created a Web Service in .Net and so the address of the service file has a nifty auto generated explanation about how it works. When I run the page from the machine it's hosted on it even has a form that I can use to submit test values to the service. However on remote machines it hides the form and gives the message as seen above.

这有什么意义吗?我见过其他网站称之为更安全"，但如果你问我，任何人都可以轻松创建自己的表单，这只不过是一种麻烦.

Is there a point to this? I've seen other sites call this "more secure" but anyone could create their own forms easily making this nothing more than a nuisance if you ask me.

推荐答案

如果您要发布元数据并且它是一个公共/不安全的 Web 服务，那么您是对的，任何人都可以轻松生成一个简单的客户端来敲打在您的网络服务中.在这种情况下，仅在本地计算机上生成 Web 客户端似乎很麻烦.

If you are publishing metadata and it's a public/unsecured web service, you are right, it would be easy enough for anyone to generate a simple client to hammer away at your web service. In that case, having the web client only generated on the local machine does seem like a nuisance.

如果您的服务是私密且安全的，那么这将是一个巨大的安全漏洞，让任何知道服务器和服务名称的人都可以使用经过身份验证的客户端来访问您的数据并造成各种危害.

If your service is private and secured, however, it would be a huge security hole, giving anyone with the name of the server and service an authenticated client to use to potentially access your data and do all kinds of harm.

我认为仅在服务器本身上为 ASMX Web 服务生成 UI 的策略是尝试提供一些不错的工具，同时消除意外的安全漏洞.WCF 在任何情况下都取消了这一点，只有在发布元数据时您才能生成客户端，并且它们需要实现正确的安全性才能访问服务.

I imagine the policy of generating the UI for ASMX Web services only on the server itself was an attempt to provide some nice tooling while eliminating accidental security holes. WCF has done away with this in any case, you can generate clients only if the metadata is published, and they need to implement the correct security in order to access the services.

这篇关于“测试表格仅适用于来自本地机器的请求."的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！