如何保护我的jquery ajax调用更安全？ [英] How to Secure my jquery ajax call more secure ?

问题描述

我正在使用Jquery.ajax从客户端调用wcf其工作正常，但我在ajax调用中给出了wcf服务的整个url。如果有人看到页面源，他们可以很容易地了解我的wcf休息服务所在的位置。我如何保护？

I am using Jquery.ajax call in from client side to wcf its working fine but am giving the whole url of the wcf service in ajax call . if anyone see the page source they can easily come to know about where my wcf rest service is located. how can i protect ?

推荐答案

保护网络请求呼叫的方式相同，你可以在进行ajax呼叫时遵循相同的方式。



你的ajax电话正在点击wcf而你想要隐藏wcf网址。

但是只有通过隐藏才能解决你的目的。



就像我可以轻松跟踪您正在呼叫的页面中的网址，即使没有ajax呼叫。

所以，只需几秒钟就可以跟踪网址。



处理这种情况的最佳方法是通过发送登录凭证来验证wcf。



另一个不错的我更喜欢的方法是从ajax调用一个aspx处理程序并在处理程序中编写你的wcf调用。确保通过会话验证从应用程序中调用处理程序。只是为了确保不在外部调用处理程序。如果在外部调用，请执行审计跟踪记录用户的IP地址并将用户踢到登录页面。



这两种方法都可以肯定。



祝你好运！

干杯

Same way you protect a web request call, you can follow the same while making an ajax call.

Your ajax call is hitting a wcf and you want to hide the wcf url.
But only by hiding will not solve your purpose.

Like I can easily track the url from the page you are calling even if there is no ajax call.
So, it's just few seconds effort to track the url.

The best way to handle such situation is to authenticate the wcf by sending login credential.

Another nice approach which I prefer is to call a aspx handler from ajax and write your wcf call within the handler. Ensure you authenticate through session that the handler is called from within the application. Just to ensure the handler is not called externally. If called externally, do the audit trail recording the ip address of the user and kick the user to the login page.

Both the approach will work for sure.

Good luck!
Cheers

这篇关于如何保护我的jquery ajax调用更安全？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！