Securing a remote ajax method call

面向向阳花 2020-12-18 14:15

I have coded some JavaScript to perform an ajax call in an asp.net application. This triggers a method that calls a URL, sending some parameters in the POST.

The rec

7 answers
  •  醉酒成梦
    2020-12-18 14:48

    Sorry, I can't add comments as I don't have enough reputation yet.

    I don't fully understand your question. Are you asking if the developer you give the username/password to decides to abuse the webservice?

    If that is the case, you will probably want to include some sort of logging into the system. (In fact, you should probably do that no matter what.)

    You could write an entry into some sort of log (file, event log, SQL table, etc.) during the PermissionsValid function. This could show the IP address and the username passed along with the time stamp of when it was done. This way you can see if someone is trying to 'hack' in.

    You could also put something in the MyWebMethod function after the permissions have been validated logging the data that the user is sending. This way you know who was sending it, when, from where and what they sent. If you want to go the extra mile, you could even record the data before any updates have been made. That would give you the ability to roll back any malicious changes.
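
The logging described in the answer above, as an added example that is not part of the original post or the asker's code. The signatures of `PermissionsValid` and `MyWebMethod`, the `AuditEntry` record, the in-memory stores and the sample credentials and IP addresses are all assumptions constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Text.Json;

// Hypothetical audit record; the field names are assumptions for this example.
public sealed record AuditEntry(DateTime UtcTime, string Event, string User, string Ip, bool Ok, string Detail);

public static class AuditedService
{
    // Constructed in-memory stand-ins for the real credential store, data table and log sink.
    // Real code would verify a salted password hash, not compare plaintext.
    static readonly Dictionary<string, string> Users = new() { ["alice"] = "constructed-secret" };
    static readonly Dictionary<int, string> Rows = new() { [1] = "original value" };
    public static readonly List<string> Log = new();

    // JSON serialization escapes CR/LF, so a crafted username cannot forge extra log lines.
    static void Write(string evt, string user, string ip, bool ok, string detail = "") =>
        Log.Add(JsonSerializer.Serialize(new AuditEntry(DateTime.UtcNow, evt, user, ip, ok, detail)));

    // Logs every attempt, pass or fail. The password itself is never written to the log.
    public static bool PermissionsValid(string user, string password, string ip)
    {
        bool ok = user is not null && Users.TryGetValue(user, out var expected) && expected == password;
        Write("auth", user ?? "", ip, ok);
        return ok;
    }

    // Logs who sent what, and records the pre-update value so the change can be rolled back.
    public static bool MyWebMethod(string user, string password, string ip, int rowId, string newValue)
    {
        if (!PermissionsValid(user, password, ip)) return false;
        Rows.TryGetValue(rowId, out var before);
        Write("update", user, ip, true, JsonSerializer.Serialize(new { rowId, before, after = newValue }));
        Rows[rowId] = newValue;
        return true;
    }

    public static void Main()
    {
        // Constructed sample calls: one rejected attempt, one accepted update.
        MyWebMethod("alice", "wrong-guess", "203.0.113.7", 1, "tampered");
        MyWebMethod("alice", "constructed-secret", "198.51.100.4", 1, "new value");
        Log.ForEach(Console.WriteLine);
    }
}
```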
