473,399 Members | 2,478 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > javascript > questions > xmlhttprequest, asp.net web service, and security

Join Bytes to post your question to a community of 473,399 software developers and data experts.

XmlHttpRequest, ASP.NET Web Service, and Security

Hi Guys,

I have been really trying to get my mind around this AJAX, and remote
scripting concept. Good stuff, though I have a security concern.

I have an ASP.NET Web Service, which a couple methods. I'm calling the
methods from JavaScript using the XmlHttpRequest object - works
beautifully! However, I don't want any other applications to be able to
call this web service, unless they are authenticated to do so.

How do I implement this? I know that I can setup authentication in the
web.config file of the web service, but that would just mean sending
the username and password from my JavaScript, which is available for
anyone to see.

Any ideas? Thanks.

Nov 3 '05 #1
1 1881
We are doing exactly this type of thing. Our web services are part of
our web project. They web service methods are marked with the
attribute [EnableSession(true)], which allows them to be part of the
same session as the rest of the web app.

When the web service gets hit with a request, we look up in session a
User object that gets created when the user is originally
authenticated. If it is not present, this means the user has not been
authenticated or the session has timed out. This assumes the rest of
your web app has a strong authentication infrastructure.

Please let me know if this makes sense, and any reason why it may not
be secure enough for you (we are exploring this as well).

Nov 3 '05 #2
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

20
XmlHttpRequest
by: Gaz | last post by:
In Internet Explorer 6 I'm having a problem with the httprequest object. I use it to call a webservice and display the result in the readystate event handler. This works the first time I call it...
Javascript
2
"Permission denied" for XMLHttpRequest in Firefox
by: dx27s | last post by:
Hi all, I'm working with the XMLHttpRequest object. I receive the following error message: "Permission denied to call method XMLHttpRequest.open" This occurs in Firefox only. IE works fine. ...
Javascript
0
XMLHTTPRequest with Xpath is not working
by: Bravo | last post by:
Hi I am trying to call a web page to get xml response back using xmlWebRequest and HTTPWebResponse classes. After getting the response, I am loading it in to a xmlDocument for further processing....
ASP.NET
20
XMLHTTPRequest variable and callback function question
by: chris.schwalm | last post by:
This is part II of this <a...
Javascript
0
permission denied when using XMLHttpRequest in mozilla
by: robi | last post by:
Hello everybody, I am trying to call a webservice which is deployed in Apache axis using AJAX. I am using servlet to forward the request from client to the webservice and to return the response...
XML
11
Permission denied to call method XMLHttpRequest.open
by: Une Bévue | last post by:
bon he voudrais m'essaye à écrire un widget, qui n'est autre qu'une page html faisant appel à XMLHttpRequest. pour l'instant mon Man_wgdt n'est qu'une co^pie du widget RDoc (pour documentation...
Javascript
1
XMLHttpRequest problem with Firefox and Netscape
by: ScriptProblem | last post by:
Hi Guys, I have a security concern with Mozilla and Netscape browsers(In IE it gives secuirity pop window) in Remote server(Client's server).When I am trying to call an Asp.NET web service from...
Javascript
1
Problem with UniversalBrowserRead: "Permission denied to call method XMLHttpRequest.open"
by: Charlie | last post by:
I am trying to make an XMLHttpRequest which violates the default "same- origin"policy in Firefox. I checked the archives and found a method that should work but it does not. Below is the test code...
Javascript
1
How do I update data within an xml childnode using XMLHttpRequest
by: Tarik Monem | last post by:
OK, I'm pretty sure this cannot work because I'm trying to use JavaScript (client-side) to write to an xml file (which is server-side) using XMLHttpRequest. Can I use PHP do what I'm trying to do?...
XML
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
0
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General
0
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice
0
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...
Microsoft Access / VBA

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!