保护Webmethods
[英]Securing Webmethods
问题描述
I am using JQuery AJAX with webmethods . 
我正在使用带有webmethods的JQuery AJAX。 As regular session authentication wont work in webmethod what are possible methods of securing webmethods so that a user wont copy that url from client debugging tools and use it . 由于常规会话身份验证在webmethod中不起作用,因此保护webmethods的可能方法是什么,以便用户不会从客户端调试工具复制该url并使用它。
2 个解决方案
解决方案1
3 已采纳 2013-09-16 16:30:08
You can use sessions in your webmethods. 您可以在webmethods中使用会话。 Simply add (true) into your WebMethod attribute. 只需将(true)添加到WebMethod属性中即可。
[WebMethod(true)]
public string MyMethod
If you're using some of the built in authentication you can also use: 如果您正在使用某些内置身份验证,您还可以使用:
[Authorize(Roles = "RoleName")]
解决方案2
1 2013-09-16 16:38:45
If your WebMethod doesn't live on the same box as the rest of your app, you can also pass in some kind of salted and hashed timestamp or other information as one of the parameters in the call. 如果您的WebMethod与应用程序的其余部分不在同一个框中,您还可以传递某种盐渍和散列时间戳或其他信息作为调用中的参数之一。
Logic inside the webmethod itself could then decode the hash and match it to a list of currently logged in users and IPs and/or read an expiration date so the url would be useless if copied and called elsewhere. 然后,webmethod本身内部的逻辑可以对散列进行解码,并将其与当前登录的用户和IP列表进行匹配和/或读取过期日期,以便在其他地方复制和调用url将无用。
If the WebMethods are all part of the same application though, just depending on the Session is going to be your best bet. 如果WebMethods都是同一个应用程序的一部分,那么仅仅根据Session会是你最好的选择。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.