jQuery Web方法和身份验证 [英] JQuery web methods and authentication
问题描述
大家好,
不是代码问题,而是更多的模式.任何人都可以针对暴露于JSON和良好安全性的Jquery控件的Web方法,向我提出良好实践处理的方向吗?
简而言之,我们的asp.net页面利用Windows身份验证和对具有角色等的用户对象的调用.然后,将其存储在会话中并跨网页进行访问.现在利用webmethod和ajax调用,我可以Windows通过Thread.CurrentPrincipal.Identity对用户进行身份验证,并在Web方法上添加相关的IIS安全选项,但是显然我需要进行用户检索及其所有角色和访问权限.如果将Web服务与不定期的调用一起使用,这会很好,但是在这里,我有一个页面层叠的网页,由于我无法访问会话,我不愿意在每个web方法调用中都要检查安全权限(不是IIS)(因为我认为它不在调用范围之内,并且我不希望将任何形式的安全性/权限信息传输给客户端,权限应由服务器上的用户确定.
我可以看的任何常见的方向,路径和模式吗?
Hi Guys,
Not a code question but more of a pattern. Can anyone point me in the direction of good practice handling with regards to webmethods exposed to Jquery controls with JSON and good security?
In brief, our asp.net pages utilize windows authentication with calls to user objects with roles etc. This is then stored in a session and accessed across webpages. Now utilizing a webmethod and ajax call, I can windows authenticate the user via Thread.CurrentPrincipal.Identity and add the relevant IIS security options on the web method but I obviously then need to do a user retrieval and all its roles and access rights. This would be fine if utilizing webservices with sporadic calls but here I have a webpage with cascading drop downs and I''d hate to have to check security rights ( not IIS ) in every webmethod call as I can''t access sessions ( because I assume its outside of scope for the call ) and I don''t want to have any form of security/rights info transfered to the client, rights should be determined by user on the server.
Any directions, paths , patterns that are common that I can look at?
推荐答案
with regards to webmethods exposed to Jquery controls with JSON and good security?
请查看此链接...
如何使用JSON调用网络方法 [
Please see this link for this...
How to call webmethod using JSON[^]
这篇关于jQuery Web方法和身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
