I have been playing with JQuery ajax and an ASP.Net webservice. I would like to use this combination to do more than look up information. I would like to add lines to orders and and do other things that will open up holes for security if there is no way to check if the user is logged in or not.
Javascript user checking before running the ajax will not shield from attacks by a semi aware hacker. Am I bound to use ASP.net controls to do all significant data entry?
问问题
643 次
2 回答
3
Ajax 请求与普通请求一样发送所有相同的标头(包括身份验证 cookie)。只需根据尝试的操作和特定数据验证用户,就可以了。
于 2013-07-29T18:43:45.863 回答
1
您需要(在服务器端)验证当前用户是否已登录。这对于 MVC 来说很容易,只需将[Authorize] 属性放在控制器或方法上即可。
于 2013-07-29T18:45:04.023 回答