Through Admistractive console we are able to access available service, after authentication we able to access available services
Same way, we need authentication for the WSDL file, which are not authenticated. Any body can accessible WSDL files if they got the URL
It’s a security risk, It was possible to retrieve Web Services Description Language (WSDL) from web service endpoints as an anonymous user. While this functionality could be of use to a legitimate developer, it would also help an attacker to determine the methods exposed by a service and how to create a well-formed request.
Is there any way to authenticate wsdl urls?
Sent from Mail for Windows 10