I have an ASP.NET (1.1) web service which authenticates clients using a SoapExtension.ProcessMessage(SoapMessage) override as described in:
http://www.codeguru.com/columns/experts/article.php/c5479
However if the web.config if not set up such that HttpSoap is the only protocol allowed, then ProcessMessage will never get called for requests coming in on other protocols, and therefore bypass security.
Is there anyway to programatically ensure SOAP is being used (as opposed to relying on the web.config to be correct)?
Thanks.
If it's of any use to anyone, I ended up checking:
Request.ServerVariables["HTTP_SOAPAction"] != null
which isn't ideal but seemed to do the trick.