有人可以从页面外部访问我的WebMethod吗? [英] Can someone access my WebMethods from outside of the page?

问题描述

我有一个页面，并且它具有Web方法，我可以通过ScriptManager在aspx页面中使用theese，我想知道是否有人可以从页面外部访问theese方法，是否可以确保WebMethods的安全?

I have a page and it has webmethods I can use theese from the aspx page via ScriptManager, I am wondering If anyone can access theese methods from the outside of the page,if it is how can I secure the WebMethods ?

推荐答案

无法完全保护Web方法.毕竟，如果您要从网页上访问它们，则可以直接从客户端浏览器访问它们.

Securing the web methods completely isn't possible. After all, if you're accessing them from your web page, they are being accessed directly from the client browser.

您可以添加一个额外的参数，该参数需要包含某种一次性密码/令牌，并在呈现页面时生成一个密码/令牌.这将使某人在不实际访问您的站点的情况下继续使用您的Web服务变得更加困难.

You could add an extra parameter that needs to contain some kind of one-time password / token and generate one when the page gets rendered. That will make it more difficult for someone to continue using your webservice without actually visiting your site.

这篇关于有人可以从页面外部访问我的WebMethod吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！