Hi, you can add the AjaxPro.HttpRefererModule to web.config httpModules section. I will post a full example later, I'm currently driving,...
Regards, Michael On 6/16/06, learntech nology <[EMAIL PROTECTED]> wrote: > Dear Micheal, > > Will you please tell me, Is HttpRefererModule available in Ajax.dll ?? > If not how can I achive such security ? > Please guide me for same. > Thanks, > > > > On 6/15/06, learntech nology <[EMAIL PROTECTED]> wrote: > > > > Dear Micheal , > > Very thanks for your response and spcially for your technology that gives > > excellent performance to .Net application. > > Keep Growing. > > > > Regards, > > learn zala > > > > > > > > > > On 6/14/06, Michael Schwarz <[EMAIL PROTECTED]> wrote: > > > > > > > > > Hi, > > > > > > there is the same security issues than common ASP.NET. Following key > > > words should be discussed: > > > > > > 1) FormsAuthentication (NTLM is not working) > > > > > > 2) HttpRefererModule that will check the http request header > > > > > > 3) Ticket use, where you write your own ticket that will be placed in > > > your ASPX file > > > > > > It is like everytime, if you know the security checks you could fake > > > the request. Think on stolen cookies... and now on stolen http > > > requests. > > > > > > I put an example online that will only return the AjaxPro request if > > > HttpReferer is from same site. See a post from the last days. > > > > > > Regards, > > > Michael > > > > > > > > > On 6/12/06, learntech nology < [EMAIL PROTECTED]> wrote: > > > > Dear Friends, > > > > Recently I have starte to learn AJAX. > > > > I have developed a small functionality " TO FILL DROP DOWN LIST OF > > > CITY > > > > BASED ON STATE". > > > > For that I am calling server side method from javascript and filling > > > drop > > > > down of city. > > > > URL is like this http://localhost/webapp/page1.aspx?stateid=[id] > > > <http://localhost/webapp/page1.aspx?stateid=%5Bid%5D> > > > > It's working fine without any issue. > > > > Now I have question , If any user visit that page and from view sorce > > > copy > > > > that script > > > > and call my link > > > > > http://localhost/webapp/page1.aspx?stateid=[id]<http://localhost/webapp/page1.aspx?stateid=%5Bid%5D> > > > > > > > > that user can able to get list of city from simply copy/paste of > > > javascript > > > > from my page. > > > > So I want to know how to implement security so another page can't use > > > my > > > > link. > > > > please help me . > > > > Thanks in advance. > > > > > > > > > > > > -- > > > > Learn Zala > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > Best regards | Schöne Grüße > > > Michael > > > > > > Microsoft MVP - Most Valuable Professional > > > Microsoft MCAD - Certified Application Developer > > > > > > http://weblogs.asp.net/mschwarz/ > > > http://www.schwarz-interactive.de/ > > > mailto:[EMAIL PROTECTED] > > > > > > > > > > > > > > > > > -- > > Learn Zala > > > > > > -- > Learn Zala > > > > > -- Best regards | Schöne Grüße Michael Microsoft MVP - Most Valuable Professional Microsoft MCAD - Certified Application Developer http://weblogs.asp.net/mschwarz/ http://www.schwarz-interactive.de/ mailto:[EMAIL PROTECTED] --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ajax.NET Professional" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/ajaxpro The latest downloads of Ajax.NET Professional can be found at http://www.ajaxpro.info -~----------~----~----~----~------~----~------~--~---
