Click here to Skip to main content
14,453,888 members
Rate this:
Please Sign up or sign in to vote.
See more:
Hi Guys,

Not a code question but more of a pattern. Can anyone point me in the direction of good practice handling with regards to webmethods exposed to Jquery controls with JSON and good security?

In brief, our asp.net pages utilize windows authentication with calls to user objects with roles etc. This is then stored in a session and accessed across webpages. Now utilizing a webmethod and ajax call, I can windows authenticate the user via Thread.CurrentPrincipal.Identity and add the relevant IIS security options on the web method but I obviously then need to do a user retrieval and all its roles and access rights. This would be fine if utilizing webservices with sporadic calls but here I have a webpage with cascading drop downs and I'd hate to have to check security rights ( not IIS ) in every webmethod call as I can't access sessions ( because I assume its outside of scope for the call ) and I don't want to have any form of security/rights info transfered to the client, rights should be determined by user on the server.

Any directions, paths , patterns that are common that I can look at?
Posted

1 solution

Rate this:
Please Sign up or sign in to vote.

Solution 1


with regards to webmethods exposed to Jquery controls with JSON and good security?


Please see this link for this...
How to call webmethod using JSON[^]
   
Comments
Mario Luis 9-Nov-11 3:52am
   
The ajax call and control populate I'm not having an issue with, it's more the server side role/access control and the need to re-instantiate the roles etc on each web method that I want to avoid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)




CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100