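My code takes a username and password and passes them via ajax to server-side code that authenticates against the domain. The string returned is "True". Is it possible for a hacker to somehow inject a true response to get into the site?

C#: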
    if (Request.Form["MethodName"] == "auththenticate")
    {
        string u = Request.Form["username"].ToString();
        string p = Request.Form["password"].ToString();
        bool valid = false;
        // Check the submitted credentials against the domain.
        using (PrincipalContext context = new PrincipalContext(ContextType.Domain))
        {
            valid = context.ValidateCredentials(u, p);
        }
        // Writes "True" or "False" as the whole response body.
        HttpContext.Current.Response.Write(valid);
        HttpContext.Current.Response.End();
    }
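
ajax call success function:

    success: function (json) {
        if (json == "True") {
            // Close the login dialog and set a client-side flag.
            $("#loginDialog").dialog("destroy");
            var authenticated = true;
        } else {
            // Clear the form and show the failure message.
            $("#username").val("");
            $("#password").val("");
            $("#fail").css("visibility", "visible");
        }
    }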
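
An added example, not part of the original question and not the asker's code: the "True" string and the `authenticated` variable both live in the browser, which the user controls, so the decision that protects the site has to be made on the server for every request. The sketch models that with a server-side session created after the credential check; `validateCredentials`, `authenticate`, `getProtected` and the test account are hypothetical names and constructed values standing in for the `ValidateCredentials` call above.

```javascript
// Added example: login flow where the access decision stays on the server.
const crypto = require("crypto");

const sessions = new Map();              // session id -> { user, expires }
const SESSION_TTL_MS = 15 * 60 * 1000;   // assumed 15-minute lifetime

// Stand-in for PrincipalContext.ValidateCredentials (constructed test account).
function validateCredentials(user, pass) {
  return user === "alice" && pass === "correct horse";
}

// Login handler: on success, create a server-side session. The id would be
// sent back in an HttpOnly, Secure cookie; the "True" body is only a UI hint.
function authenticate(user, pass, now = Date.now()) {
  if (!validateCredentials(user, pass)) {
    return { body: "False", cookie: null };
  }
  const sid = crypto.randomBytes(32).toString("hex"); // unguessable id
  sessions.set(sid, { user, expires: now + SESSION_TTL_MS });
  return { body: "True", cookie: sid };
}

// Every protected handler runs this check. The second argument models a
// flag sent by the client and is deliberately ignored: only the session
// looked up on the server decides.
function getProtected(cookie, clientClaimsAuthenticated, now = Date.now()) {
  const s = typeof cookie === "string" ? sessions.get(cookie) : undefined;
  if (!s || s.expires <= now) {
    if (s) sessions.delete(cookie);      // drop expired sessions
    return { status: 401, body: "login required" };
  }
  return { status: 200, body: "data for " + s.user };
}
```

With this shape, a response altered to "True" on the client only closes the login dialog; any request for protected data still returns 401 because no session exists for it.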