Has anyone, as part of their web service security, attempted to deny the verb get on their web services but still be able to call them in their actionscript code?
Ionly only have one client (flex app) that will call my web services, and part of the security, as I have done in the past, is deny any GETs on the WSDL file so someone can't easily determine all the methods exposed. I will be calling these services via SSL as well. However, when i call the load WSDL file, it obviously fails since that operation is a GET. All method calls are POSTS, so they'll/should work. Is this a situation where I would use a Proxy... just define the web service interface in my flex app... or am i required to always expose the wsdl file to my flex app? Thanks for any help! Usuing .NET Web services as my backend.
