Securing an asp.net web service for use with jquery ajax


Question

I'm using jquery ajax to fetch data from an asp.net webservice. I'm wondering how I can secure it and have it work with jquery ajax. The service is part of my web application and to access it you have to be logged in to the application. However I'd like to further secure it. For example a consultant looking up all their customers in an autocomplete box is good, but they can instead send in some other consultant's id. What's the best way to secure this? I've looked at this article here http://msdn.microsoft.com/en-us/library/w67h0dw7%28VS.71,classic%29.aspx . However, I don't know how to make this work with jquery ajax. Any help would be appreciated.

Recommended answer

As far as I understand, you want to make sure that you know the identity of the person using your service. If the web service is part of your application this should not be a problem by using cookies (assuming the web service is on the same domain as the site). See this e-book (http://books.google.co.uk/books?id=-WShG0uezvEC&pg=PA124&lpg=PA124&dq=cookie+tokens+asp.net&source=bl&ots=BxnkVurSET&sig=GIWFaw5gV0vSzd0R0hALj0J7uSs&hl=en&ei=zszdSuWIJMjB-QaJ56U3&sa=X&oi=book%5Fresult&ct=result&resnum=3&ved=0CBQQ6AEwAg#v=onepage&q=cookie%20tokens%20asp.net&f=false) for some ideas.

Otherwise you could hand out temporary identifiers to the logged in members of your site which would be used in the webservice calls - this way even if the identifier is stolen, it can only be used for a limited time.
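
The temporary-identifier idea from the answer, as an added example that is not part of the original post: the server signs the consultant id together with an expiry time, and the web method takes the consultant from the validated token (checked against `Context.User.Identity.Name`) instead of trusting an id sent by the client. The class name `TempId`, the token layout, the demo key and the consultant ids are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example: short-lived identifier bound to the logged-in consultant.
static class TempId
{
    // Assumption: a real site loads this key from protected configuration.
    static readonly byte[] Key = Encoding.UTF8.GetBytes("constructed-demo-key-not-for-production");

    static string Sign(string payload)
    {
        using (var hmac = new HMACSHA256(Key))
            return Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(payload)));
    }

    // Token layout: consultantId|expiryTicksUtc|base64(HMAC of the first two fields)
    public static string Issue(string consultantId, DateTime nowUtc, TimeSpan lifetime)
    {
        if (consultantId.Contains("|")) throw new ArgumentException("id must not contain '|'");
        string payload = consultantId + "|" + nowUtc.Add(lifetime).Ticks;
        return payload + "|" + Sign(payload);
    }

    // Returns the consultant id the server vouched for, or null if forged or expired.
    public static string Validate(string token, DateTime nowUtc)
    {
        string[] parts = (token ?? "").Split('|');
        long expiry;
        if (parts.Length != 3 || !long.TryParse(parts[1], out expiry)) return null;
        if (!FixedTimeEquals(Sign(parts[0] + "|" + parts[1]), parts[2])) return null;
        return nowUtc.Ticks <= expiry ? parts[0] : null;
    }

    // Compares without stopping at the first differing character.
    static bool FixedTimeEquals(string a, string b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    static void Main()
    {
        DateTime now = new DateTime(2024, 1, 1, 12, 0, 0, DateTimeKind.Utc); // constructed clock
        string token = Issue("consultant-17", now, TimeSpan.FromMinutes(10));
        Console.WriteLine(Validate(token, now.AddMinutes(5)) ?? "rejected");  // presented within the lifetime
        Console.WriteLine(Validate(token, now.AddMinutes(11)) ?? "rejected"); // presented after expiry
        // Another consultant's id swapped into the token no longer matches the signature.
        Console.WriteLine(Validate(token.Replace("consultant-17", "consultant-42"), now.AddMinutes(5)) ?? "rejected");
    }
}
```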
