在asp.net中使用ajax
[英]The using of ajax in asp.net
问题描述
I'm a little bit confused about which method to use : 
我对使用哪种方法感到有点困惑:
1- using Jquery to call HttpHandler page that implement an order . 1-使用Jquery调用实现订单的HttpHandler页面。
2- using ICALLBACKEventHandler - read more . 2-使用ICALLBACKEventHandler - 阅读更多 。
Can you give me some advise about which one is more efficient to use. 你能给我一些关于哪一个更有效使用的建议。
Thanks 谢谢
1 个解决方案
解决方案1
7 已采纳 2011-05-08 20:57:41
Basic reading 基本阅读
I suggest you this links to help you understand better the options and choose what you want: 我建议你这个链接,以帮助你更好地理解选项,并选择你想要的:
Why ASP.NET Ajax UpdatePanels are dangerous?
为什么ASP.NET Ajax UpdatePanel很危险? Using jQuery to directly call Ajax Page Methods .
使用jQuery直接调用Ajax页面方法 。 Simplify calling ASP.NET Ajax Services from jQuery .
简化从jQuery调用ASP.NET Ajax服务 。
My choice 我的选择
I prefer to use jQuery.ajax() and also jQuery Templates Plugin when needed (loading tabular data from AJAX calls). 我更喜欢在需要时使用jQuery.ajax()和jQuery Templates插件 (从AJAX调用加载表格数据)。 A lightweight approach and with much more control to the developer. 一种轻量级方法,对开发人员有更多控制权。 I don't like how Microsoft likes generating stupid codes when we use their handlers . 我不喜欢微软喜欢在我们使用他们的处理程序时生成愚蠢的代码 。
Security holes 安全漏洞
But it's okay, you could has some security issues as you pointed on comments. 但是没关系,你指出评论时可能会遇到一些安全问题。
Your note about the ease manipulation of the Referer was interesting, but this vulnerability isn't jQuery exclusive. 你关于Referer轻松操作的注释很有意思,但这个漏洞不是jQuery独有的。 The problem is that the concept of AJAX itself already carries several security holes , which are known problems discussed over the years. 问题在于AJAX本身的概念已经存在多个安全漏洞 ,这些漏洞是多年来讨论的已知问题。
It's important to observe that using ICallbackEventHandler isn't a solution , since it's only yet another way to generate AJAX requests without you having to type it. 重要的是要注意使用ICallbackEventHandler 不是一个解决方案 ,因为它只是生成AJAX请求的另一种方式,而无需您输入它。 But if the asynchronous request exists, it always can be intercepted in some way, like a $.ajax() could be. 但是如果异步请求存在,它总是可以以某种方式被拦截,就像$.ajax()一样。
Finally, you already gave an "almost" answer: it's better to work passing security tokens as a parameter . 最后,您已经给出了“差不多”的答案: 将安全令牌作为参数传递更好 。 If you works with MasterPage , the token generation in a HiddenField will be abstracted to a single code. 如果您使用MasterPage , HiddenField的令牌生成将被抽象为单个代码。 And you can encapsulate with a JavaScript function responsible for making AJAX calls with this token as parameter. 您可以使用JavaScript函数进行封装,该函数负责使用此标记作为参数进行AJAX调用。 Everything is just a matter of software architecture. 一切都只是软件架构的问题。
I called it an "almost" answer because nothing is fully secure and security tokens can also be hacked . 我称之为“差不多”的答案,因为没有什么是完全安全的, 安全令牌也可以被黑客入侵 。 Yes, it's much more hard and rare, but 99% is never 100%. 是的,它更加艰难和罕见,但99%从来不是100%。
Resuming 恢复
Your second option with ICallbackEventHandler could have many security issues as well as your first option with $.ajax() , since a handler will generate some code similar to any code that you would type. 使用ICallbackEventHandler第二个选项可能有许多安全问题以及$.ajax()第一个选项,因为处理程序将生成一些类似于您要键入的任何代码的代码。 In the end, your choice must be a matter of taste. 最后,您的选择必须是品味问题。 But remember to read and take the required approachs about security on both cases. 但请记住阅读并采取有关两种情况下安全性的必要方法。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.