有人可以从页面外部访问我的WebMethod吗? [英] Can someone access my WebMethods from outside of the page?
问题描述
我有一个页面,并且它具有Web方法,我可以通过ScriptManager在aspx页面中使用theese,我想知道是否有人可以从页面外部访问theese方法,是否可以确保WebMethods的安全?>
I have a page and it has webmethods I can use theese from the aspx page via ScriptManager, I am wondering If anyone can access theese methods from the outside of the page,if it is how can I secure the WebMethods ?
推荐答案
无法完全保护Web方法.毕竟,如果您要从网页上访问它们,则可以直接从客户端浏览器访问它们.
Securing the web methods completely isn't possible. After all, if you're accessing them from your web page, they are being accessed directly from the client browser.
您可以添加一个额外的参数,该参数需要包含某种一次性密码/令牌,并在呈现页面时生成一个密码/令牌.这将使某人在不实际访问您的站点的情况下继续使用您的Web服务变得更加困难.
You could add an extra parameter that needs to contain some kind of one-time password / token and generate one when the page gets rendered. That will make it more difficult for someone to continue using your webservice without actually visiting your site.
这篇关于有人可以从页面外部访问我的WebMethod吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!