堆栈内存溢出
  简体   繁体   English

来自Jquery的Web服务调用

[英]Webservice calls from Jquery

 原文  2013-07-18 09:46:41       jquery/ security/ service/ web

问题描述

Ok, so I am kind of new to jQuery and web programming in general, (though I have been doing web services and SharePoint related C# for a few years, but only ever with an internal setup where security wasn't an issue) But now I am looking to create a public website that pulls information from an internal Database. 好的,所以,我一般来说对jQuery和Web编程还是陌生的(尽管我从事Web服务和与SharePoint相关的C#已有几年了,但是只有在不涉及安全性的内部设置下才可以)我正在寻找一个公共网站,从内部数据库中提取信息。 I know how I can implement a web service and I know how I can make it secure. 我知道如何实现Web服务,并且知道如何使其安全。 However I then need to call the web service using Jquery from a page. 但是,然后我需要从页面使用Jquery调用Web服务。 I know how to do this as well. 我也知道该怎么做。

What I am struggling with is how to secure that. 我正在努力的是如何确保这一点。 If I am able to call the web service from my page, what's to stop person XYZ from coming along, stealing my Jquery/Code and accessing MY web service with THIER website? 如果我能够从我的页面调用Web服务,那么如何阻止XYZ人来窃取我的Jquery /代码并通过THIER网站访问我的Web服务? how can I stop this, I've thought about ways to encrypt the data/authenticate, but anything I do can be accessible then because they can just view whatever I do in the Jquery. 我该如何停止这一点,我已经考虑过加密数据/进行身份验证的方法,但是我所做的任何事情都可以访问,因为它们可以查看我在Jquery中所做的任何事情。

any suggestions on how I would go about securing my web service so only people from my website could access it would be great. 任何有关如何保护Web服务以使只有我网站上的人可以访问它的建议都是很棒的。

2 个解决方案

解决方案1
 0 已采纳  2013-07-18 09:55:55

A good start would be to use basic http authentication. 一个好的开始是使用基本的http身份验证。 I assume you'll find a way to implement it on the server side. 我想您会找到一种在服务器端实现它的方法。 Here is the jQuery client example How to use Basic Auth with jQuery and AJAX? 这是jQuery客户端示例如何在jQuery和AJAX中使用Basic Auth? .

A should notify you that your next problem will probably be Origin is not allowed by Access-Control-Allow-Origin . A应该通知您,下一个问题可能是Origin is not allowed by Access-Control-Allow-Origin

解决方案2
 0  2013-07-18 14:09:27

Make sure you authenticate users before they can access your service, and validate on the server that a user can't do anything they aren't allowed to do. 请确保您先对用户进行身份验证,然后他们才能访问您的服务,并在服务器上验证用户无法执行他们不允许执行的任何操作。 That way, regardless of whether they are accessing the service from your website on their own code, they can't do anything they aren't allowed to. 这样,无论他们是否使用自己的代码从您的网站访问服务,他们都无法做他们不允许做的事情。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用WebService调用调试JQuery - Debugging JQuery With WebService Calls 多个链接的jQuery AJAX POST Web服务调用 - Multiple chained jQuery AJAX POST webservice calls 来自Webservice语法的XML - XML from Webservice syntaxerror jquery 从jQuery调用Axis Web服务 - Calling Axis webservice from jquery 从jQuery访问Web服务WSDL - access webservice wsdl from jquery 使跨域jquery ajax调用Restful Web服务? - Making cross domain jquery ajax calls to Restful webservice? 使用jQuery 1.7.1 / eval / seq /的C#Web服务调用 - C# webservice calls using jQuery 1.7.1 /eval/seq/ jQuery AJAX Web服务调用处理HTTP错误的问题 - Issues with handling http errors with jQuery AJAX webservice calls 对Web Service的JQuery JSON调用始终运行“错误”回调 - JQuery JSON Calls To PHP WebService Always Runs “Error” Callback ASP.NET Web服务与页面方法中的jQuery Ajax调用 - Jquery ajax calls in ASP.NET webservice vs page method
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM