Last post Mar 04, 2013 12:30 PM by kimranv
Mar 01, 2013 11:40 AM|kimranv|LINK
We have a situation where a few web services were built back in 2005 using asmx web services. These services are now being revisited and moving them to wcf is a possibility but would be very costly, hence the questions on the table before such a move were:
1. When is the end of life of asmx webservices?
2. Are security patches still being actively or on request being applied to asmx webservices and if so, when will that end?
Does anyone have and answer to these questions and are there any documents that would help answer these questions as well? Thanks.
Mar 01, 2013 01:35 PM|jprochazka|LINK
That would more than likely fall under the life cycle for the framework used to create them not ASMX itself.
Honestly I do not see ASMX web services going anywhere any time soon support for their use is included in all .NET framework versions. There are also no plans I know of to retire ASP.NET any time soon so I think it is safe to say the end of life for ASMX
is not close at hand. That being said updating the framework the ASMX services runs under would extend their life indefinatly or until Microsoft decides ASP.NET is no longer the future.
.NET Framework Product Life Cycles:
Mar 01, 2013 05:52 PM|kimranv|LINK
So I should take it that if security vulnerabilities surfaced in asmx webservices, Microsoft would patch it based on the framework the vulnerability showed up in.
Mar 01, 2013 11:20 PM|jprochazka|LINK
Yes vulnerabilities which surface in the .NET Framework are taken care of if the framework in question has not hit end of life.
As far as the code you write which makes up the web service as with any other language security is on you.
Mar 04, 2013 12:30 PM|kimranv|LINK