As a result, an XSD document can be established to automatically deny
them access before any true processing ensues. Also, the unauthorized
individual has no idea what type of string the method is expecting. The
viewer of the exposed Web service is left wondering if the expected input
is a number, a serial code, alphabetic characters, XML, or something else.
In addition to this, using a single string parameter in your Web services
input parameter can also keep the expected information disguised. By
exposing a list of parameters, you could be giving away your business to
your competitors. After all, if your competitors are aware of what data you
are capturing they might be able figure out the services you are providing,
making it easy for them to replicate the Web service and reduce the income
that you are generating from your customers.
In this chapter we defined SOAP, provided examples demonstrating the
protocol hierarchy, and discussed how things were done prior to the exis-
tence of Web services. We discussed the lineage of SOAP, Web services
versus DCOM and Winsock, the SOAP Toolkit, the pros and cons of SOAP-
based Web services, what entities should use Web services, high-level .NET
Web services security, plus additional security measures that you can use
to make your applications more secure.
More importantly, we also discussed the reasons behind XML Web ser-
vices and why they are an excellent choice for implementing remote invo-
cation requirements. We also discovered what types of problems are suited
to Web services and presented a brief introduction to Web services in .NET.
What Are Web Services?