Checkout thishttp://weblogs.asp.net/rashid/archive/2007/09/20/asp-net-ajax-web-service-security.aspx
Kazi,
Thanks for looking at this for me. I like the idea, this is definatley a step in the right direction. I'll have a go at implementing this and see if it improves our situation. I think this combined with HTTP_REFERER checks, and possibly a forced page refresh after x minutes will hopefully throw most attemps at illegal access. But as you say it's still not a proper solution and for the life of me I can't see a way to completely lock down the service, anyone else?.
Cheers Si
No comments:
Post a Comment