Securing a remote ajax method call

Front-end · Unresolved · 7 · 2026
面向向阳花 2020-12-18 14:15

I have coded some JavaScript to perform an ajax call in an asp.net application. This triggers a method that calls a URL, sending some parameters in the POST.

The rec

7 answers
  •  庸人自扰
    2020-12-18 14:49

    You can use SOAP to pass a username/password with the request. SSL should be used to encrypt the data going over the wire. Here is some code that we use:

    This is a class that will hold the Credentials that are sent with the request:

    Imports System.Web.Services.Protocols

    ' Holds the credentials sent in the SOAP header of each request
    Public Class ServiceCredentials
        Inherits SoapHeader

        Private _userName As String
        Public Property UserName() As String
            Get
                Return _userName
            End Get
            Set(ByVal value As String)
                _userName = value
            End Set
        End Property

        Private _password As String
        Public Property Password() As String
            Get
                Return _password
            End Get
            Set(ByVal value As String)
                _password = value
            End Set
        End Property

        ' Parameterless constructor is required so the header can be deserialized
        Public Sub New()
        End Sub

        Public Sub NewUserInfo(ByVal ServiceUser As String, ByVal ServicePassword As String)
            Me.UserName = ServiceUser
            Me.Password = ServicePassword
        End Sub
    End Class
    

    Add an attribute to the definition of your Web Service:

    ' Field the incoming SOAP header is bound to (named by the SoapHeader attribute below).
    ' The angle-bracket attributes were stripped from the original post and are restored here.
    Public CredentialsHeader As ServiceCredentials

    <WebMethod()> _
    <SoapHeader("CredentialsHeader")> _
    Public Function MyWebMethod(ByVal parametersPassed As String) As String
        'check permissions here
        If PermissionsValid(CredentialsHeader) Then
            'ok!
            .......
        Else
            'throw a permission error
            Throw New SoapException("Permission denied", SoapException.ClientFaultCode)
        End If
    End Function
    

    And then from there, just create a function (in my example, PermissionsValid) to check the permissions:

    Function PermissionsValid(ByVal Credentials As ServiceCredentials) As Boolean
        'the header is Nothing when the client omits it; treat that as a failed check
        If Credentials Is Nothing Then Return False
        'check Credentials.UserName and Credentials.Password here and return a boolean
        Return False
    End Function
    

    This may seem like a bunch of work, but this way, when they send a request, you can check it against a database or whatever else you want. You can also turn off a username easily at your end.

    A simpler way would be to restrict the IP addresses that are allowed to hit the service page. But, then you run into issues with IP addresses changing, etc.

    BTW, much of this was typed as I did the post, so you may need to check over the code to make sure it compiles. :)
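The answer leaves the body of PermissionsValid as a comment. The following is an added example, not code from the post, sketching in Python what that check should do when it runs against a stored credential table: a missing header is a failed check, passwords are held as salted PBKDF2 hashes instead of clear text, comparison is constant-time, unknown usernames cost the same as known ones, and a "turned off" account is rejected even with the right password. The user table, account names and ITERATIONS value are constructed for the example.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional

ITERATIONS = 200_000  # PBKDF2 work factor; constructed value, raise as hardware allows


@dataclass
class ServiceCredentials:
    """Mirror of the SOAP header class in the answer: what the client sends."""
    username: str
    password: str


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_record(password: str, enabled: bool = True) -> dict:
    """Build one stored row: random salt, derived hash, enabled flag (no clear-text password)."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt), "enabled": enabled}


# Constructed stand-in for the database the answer says to check against.
USER_DB = {
    "svc_reports": make_record("correct horse battery staple"),
    "svc_legacy": make_record("old-secret", enabled=False),  # username "turned off" at our end
}

# Dummy row so an unknown username takes the same time as a known one (no enumeration via timing).
_DUMMY = make_record(os.urandom(16).hex())


def permissions_valid(header: Optional[ServiceCredentials]) -> bool:
    # A client can simply omit the SOAP header; that must be a failed check,
    # never "no credentials required".
    if header is None or not header.username or not header.password:
        return False
    record = USER_DB.get(header.username, _DUMMY)
    candidate = hash_password(header.password, record["salt"])
    matches = hmac.compare_digest(candidate, record["hash"])  # constant-time compare
    return matches and record["enabled"] and header.username in USER_DB
```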
