none
WCF service security and Mex endpoint RRS feed

  • Question

  • i am newbie in WCF. i know that service become discoverable due to MEX endpoint. if i remove mex endpoint from service config file then no client can create proxy for our service and can not communicate to our service. people often do not use Mex endpoint for internal service as a result service is not exposed to out side world.

    i want to know that if i give mex endpoint then service will be discoverable and anyone can create proxy. so if any unauthorized or anonymous user can create proxy of my service then what he can do if there is a story of authentication for using my service. he can see the proxy class and guess how i design my class. if any hacker can see how i design my class then what kind of harmful action he may take...please discuss. thanks

    Wednesday, January 9, 2013 2:43 PM

Answers

  • Hi,

    MEX endpoint is a special endpoint used to exposes metadata. This blog explain the using of Mex Endpoint.

    There may be something misunderstanding, WCF Discovery is a different concept, it do not have something to do with Mex, they just achieve with a similar way, WCF Discovery with a DiscoveryEndpoint, Mex with a Mex endpoint.

    Best Regards.


    Haixia
    MSDN Community Support | Feedback to us
    Develop and promote your apps in Windows Store
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Friday, January 11, 2013 5:47 AM
    Moderator