hi, or instance, modify your client application to include some additional , your application-specific headers toall soap requests and implement a handler at the server side to check for those headers and thrown an exception if there are no such headers found, even if security token is correct.
best, Dmitri [EMAIL PROTECTED] wrote ---- Hi, I am using XFire web services to transfer lots of data to a client side application. I currently use an authentication token with username and password to make sure no one but our users can use this application. What I'm wondering is if there is a way to prevent our users from accessing the web services from outside of our application. It would be pretty easy to look at the outgoing SOAP requests to figure out how to manually create one and then abuse our web services. We don't really want these services to be available in that way. Is there some common way to do this? Any ideas would be great. Thanks, anomamo
