WCF / ASMX :: Securing AJAX Calls From JQuery?
Sep 21, 2010
I am working on web application in which all of the data I am submitting back to the server is being done on the client side using JQuery AJAX calls to my .NET web services using JSON. This works perfectly to enhance my user experience and greatly reduces post backs, etc.What I am looking for suggestions on is securing the web services being exposed to the client side from being used by anything but my JQuery code on my site. The security hole that I see here is that since the client-side JQuery can access the web services, so could anything.
View 2 Replies
Similar Messages:
Jun 22, 2010
what is the correct way to pass data through the AJAX calls and have it be model-binded into an object inside my Controller Action?
So far, I've read in some places that jQuery sends data in key-value pairs, so I don't have to do anything extra, while in other places, I've read that I have to first use a JSON deserializer and then bind the result. I've currently implemented my Controller Actions as ones that accept HTTP POST.
View 2 Replies
May 3, 2010
Old school coders are used to having every server control create events in the .cs files.. for example.. Getting the Initial load of data, Saving Data, Deleting data... and then binding datasources to the server control..
New school coders want to do it in Jquery + AJAX calls to .svc files... That gives automatic no post backs so that is a advantage... and I think its a different way of thinking.. All of a sudden the UI related events are all being done in Jquery..
What is the most modern and efficient way to go ? How can I convince the old school coders to let us you this new paradigm ? (assuming it is the better way)
View 3 Replies
Nov 14, 2010
How do I go about making true ajax requests to an asp.net page? (Not update panels). I read this tutorial but couldn't get it working. Is there a better approach? Or should this work?
[URL]
View 2 Replies
Nov 19, 2010
I am trying to make 2 separate AJAX calls using buttons. What I want to happen is: when Button1 is clicked ProductsTable shows data from the webservice; when Button2 is clicked OthersTable shows its own data from the webservice. But right now, when either button is clicked, nothing shows up. I know the code works if there's only one of them and it's not wrapped around a .click function.
No error messages. ASP.NET 4.0, JQuery 1.4.4. Not using ScriptManager. Not using UpdatePanels.
Code below:
[Code]....
View 3 Replies
Sep 24, 2010
I have been moving my application to be more AJAX-based. Currently I have a web service call where I use jQuery to gather some textbox (string) and checkbox (boolean) results and pass it to a web service. Everything works really well, the response time is super quick. The only downside that I can see to this is
1) you need to use jQuery, which will add to the user's download time - this doesn't really affect my application too much because I am using jQuery throughout the site
2) users can see the code and potentially try to hack the web service because they know where it is
I am most concerned with #2. I've been reading a lot about .NET web service calls, using IAsyncResult,
http://msdn.microsoft.com/en-us/library/2e08f6yc.aspx, and I am beginning to understand the 4 methods available in this article. However, is there extra bloat using this way compared to the jQuery web service call?If there isn't that much bloat or lag time using this method, I'd like to convert my application. Which one of these 4 methods is best in a scenario where I am just returning a small string value? The 4 methods in the article are to wait for EndInvoke itself, which from what I read is not recommended because this may block the first thread; and this should not be used on a service that affects the UI.Create a WaitHandle to wait for the 'OK' before EndInvoke is called Poll the IAsyncResult for .IsCompleted, using sleep() and a Do While until IAsyncResult.IsCompleted is true, then call EndInvoke Pass a delegate function to BeginInvoke to be called once the operation is complete.
View 1 Replies
May 7, 2015
$.ajax({
type: "POST",
url: "./InActiveMerchantList.aspx/LoadStakchart",
[Code]....
View 1 Replies
Jun 6, 2010
I have a WCF service returning JSON to jQuery ajax calls and presenting the results on an ASPX page. When the page is NOT under SSL, the ajax calls work perfectly. When the page IS under SSL, the calls fail. I understand that this behavior must be due to the Same Origin Policy (SOP).
So, how do I setup my WCF service to accept calls from an SSL-secured page? Does the WCF service also need to be secured? If so, how do I do this?
View 3 Replies
Mar 1, 2010
I have noticed that in Google web reader (that lets us read RSS feeds on the web), the page does not seem to load ALL the feeds. Instead, as I scroll down, I can see more and more feeds (and the size of the scrollbar increases if you know what i mean)
I assume they do this by finding the position of the scrollbar and do an AJAX call. Is this correct? How would I do this in ASP.NET?
View 3 Replies
May 28, 2010
How to secure an Action filtered with Authorize method from a jQuery call? I have this Authorize filter and it work's cause users are redirected if not logged-in. But after logging-out then accessing previous open pages that needs authorization, they weren't redirected at all. This jQuery is initialize when a button is clicked,
jQuery.post(
"/controllername/IsUserActive", {
}, function (data) {
if (data){
$('#div_user_active').html(data);
{ else {
$('#div_user_active').html('Not Active');
}
}
);
then calls this Action method.
<Authorize()> _
Function IsUserActive() As Boolean
Return True '<<---this keeps returning even users are already logged-out.
End Function
Overall, I wanted ajax(jQuery) to update/read a portion of the page but gets redirected if not authorized.
View 1 Replies
Feb 13, 2010
I have a page that calls on an asmx within the project (for some ajax stuff). Within that asmx I'm calculating a value and returning it to be output to the screen.
However I need to do a recalculation that includes summing this value with a few others. The function that performs the calculation is in a UserControl on the page.
How do I get a reference to the page object so I can use FindControl to get an instance of the user control so I can call that calcuation function?
View 2 Replies
Apr 25, 2010
I need to connect to a WebService provided by someone else. This WS (all https) has three methods that are accessible without having logged on:
login, logoff, getVersion . All other methods require that the login-method has been called before. Nothing special unto this point. However, the docs state that I have to make sure that (quote):
"All method calls between login and logoff are to be carried out by means of the same persistent http-connection (key word: http persistent connections or http connection reuse"
I seem to be unable to figure out how that would work - all WS'es I ever utilized were either taking user/pwd combinations in each method call or the login-method returned something like a SessionID which was then used for each subsequent call to a given method (i.e. passed as a parameter). If I call the login-method and subsequently call any method that requires authentication, the call will fail with an exception telling me that I need to log in first.
View 1 Replies
Feb 22, 2011
HWhen I want to use AJAX, primarily with JQuery .ajax function, I use functions within the .aspx.cs of the same page with [WebMethod].
I dont like this method very much because everyone can tell which function I use, and with no problem they can use it too.
My guess is that theres a better way to do this, Am I right?
View 3 Replies
Jan 20, 2010
I can't seem to call a web service method from Ajax with both POST and GET.
Initially only the POST would work and GET would causes this error:
{"Message":"An attempt was made to call the method u0027getDatau0027 using a GET request, which is not allowed.","StackTrace":" at System.Web.Script.Services.RestHandler.GetRawParams(WebServiceMethodData methodData, HttpContext context)at System.Web.Script.Services.RestHandler.ExecuteWebServiceCall(HttpContext
context, WebServiceMethodData methodData)","ExceptionType":"System.InvalidOperationException"}
I fixed that by adding this attribute: [ScriptMethod(UseHttpGet=true)] but now GET causes this error:
[code]....
So is it true that you can only use either POST or GET and not both from Ajax?
View 3 Replies
Aug 25, 2010
I have an XML web service where the authentication used is BASIC WINDOWS. Following is my client code to connect to the service.
[Code]....
Now, the issue is that the client is really authenticated only in the first attempt(First time I execute the code in VS). Further attempts succeed even if the code to assign credentials is commented or even after providing wrong user id/ password. I ensured that the server is hit each time(Just to make it clear that it not just because of client side caching).Is this the behavior of Basic authentication/credential cache. I would prefer the client be authenticated each time he hits the server.
View 2 Replies
Nov 8, 2010
I am trying to differentiate between a debugging session on the localhost and a live environment in terms of calls to the WS.
View 5 Replies
Aug 9, 2010
[Code]....
And it seems to work...Im returning some tabular html data in the asmx....however in firebug everything is coming out encoded with the xml header...?? Im not appending that anywhere I can see...<?xml version="1.0" encoding="utf-8"?><string xmlns="http://tempuri.org/"><table class='whoinner'><thead><tr><th>Resident</th><th>Off</th><th>Returning</th><th>Type</th></tr></thead><tbody><tr dateid='6e220daa-b25b-4528-b402-fdffa009dfff' reqid='a03cb1d8-7150-481d-81a3-e1e7670cc10a' onclick='visualizeDate("Wednesday, August 04, 2010","Thursday, August 12, 2010")'> <td class='resident'>Steve</td><td class='from'>Aug 04 2010</td><td class='to'>Aug 12 2010</td><td class='type'>Vacation</td></tr></tbody></table></string>
View 3 Replies
Jun 15, 2010
I am trying to call an asmx service using the jQuery ajax call-
[Code]....
I have double checked the url of the service and spelling/case of the name of the method as well as the parameters in the dataStr.
I still get the error-<b> Description: </b>HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. review the following URL and make sure that it is spelled correctly.
in the responseText of XMLHttpRequest, above.
View 3 Replies
Oct 9, 2012
I have created a asmx web service.The service will interact with SQL Server database to Get, Insert and Update of some tables in my db.I have one Service method called AddItem which takes a class object as parameter. with that parameter I am inserting the values into the database. In the same way I have another service method that Gets all the Items from db using the same class and returns the class object as the return type for my service.
Here is my sample AddItem() and GetAllItems() prototype
Collapse | Copy Code
View 1 Replies
Feb 4, 2010
The ideal goal is to consume .asmx web service using jQuery like this
[Code]....
View 2 Replies
Jan 13, 2011
I am having an aspx page in which I am calling a user control. The user control I am using a pop up to display it when a user clicks a asp:linkbutton. In that user control I am having a textbox and I am calling a Jquery Blur to do some validation. While doing so the function is calling [blur] is calling twice. I just called an alert() with the textbox value.So I can see the alert is coming twice .What I need to do to avoid the second time. I need to do it only whenever the user going out of the textbox and that also one time.
$('#<%=txtCategory.ClientID %>').blur(function() {
alert($(this).val());
});
View 2 Replies
Sep 3, 2010
I got a problem in my Asp.net application.When I try to save some data, I check if the data is right, When not I call a jquery dialog with the error message. But when my jquery dialog appears, my background form dissapears.and I get a javascript error: "html parsing error unable to modify the parent container element before the child element is closed".This is my jquery dialog call in codebehind:
string script = "openDialog('" + text + "', '" + title + "');";
ScriptManager.RegisterClientScriptBlock(this.Page, this.GetType(), "open", script, true);
function openDialog(text, title) {
ar $dialog = $('<div></div>')
.html(text)
[code]...
View 1 Replies
Feb 17, 2010
I have the following Page_Load function...
protected void Page_Load(object sender, EventArgs e)
{
XmlDataSource1.Data = GetXmlFromFile(Request.QueryString["file"]);
XmlDataSource1.DataBind();
Repeater1.DataBind();
}
The page in which this Page_Load resides is called by a parent page. Each time this Page_Load gets called the value of "file" in the query string will be different. So each time I will be receiving the XML contents from a different file which are inserted into the XmlDataSource and then bound against by the Repeater. Getting the XML data from the file works great but when I bind against the repeater that only works the first time through Page_Load. Each time after that when this code is executed the same results from the first XML file are displayed in the repeater.
What am I missing here. How can I get the XML data to be bound against the repeater on each page load instead of just the first one?
View 3 Replies
May 10, 2010
I have a webservice (ASP.NET) deployed on a webfarm. A client application consumes it on daily basis. The problem is that some of its calls are duplicated (with difference of milliseconds). For example I have a function Foo(string a,string b). The client app calls this webmethod as Foo('test1','test2') once but my log shows that it is being called twice or sometimes 3 or 4 times randomly. Is this anything wrong with the webfarm or the code? Note that the webmethod has simple straighfarward insert and update statements.
View 1 Replies
May 27, 2010
I have a gridview control with delete asp:ImageButton for each row of the grid. What I would like is for a jquery dialog to pop up when a user clicks the delete button to ask if they are sure they want to delete it.
So far I have the dialog coming up just fine, Ive got buttons on that dialog and I can make the buttons call server side methods but its getting the dialog to know the ID of the row that the user has selected and then passing that to the server side code. The button in the page row is currently just an 'a' tag with the id 'dialog_link'. The jquery on the page looks like this:
$("button").button();
$("#DeleteButton").click(function () {
$.ajax({
[code]...
The dialog itself is just a set of 'div' tags. Ive thought of lots of different ways of doing this (parameter passing, session variable etc...) but cant figure out how to get any of them working.Any ideas are most welcome
View 1 Replies