Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 438
  • Last Modified:

How to secure a WCF JSON service

I created a basic WCF service that returns JSON.
How can I secure it so it can't be called by anyone?
I know I can use SSL to encrypt the JSON.
But how do I prevent anyone in the world from calling via JQUERY.
0
JElster
Asked:
JElster
  • 3
  • 2
1 Solution
 
leakim971PluritechnicianCommented:
If anyone in the world can't call it using Ajax or any method, what is the purpose?
0
 
JElsterAuthor Commented:
I want to prevent anyone from calling it.
Only validated users , after logging in.
0
 
leakim971PluritechnicianCommented:
so once user is validated, you create a session variable and in your web services, you check is the user is connected using the session variable
0
 
JElsterAuthor Commented:
I'm not calling it from ASP.Net.  
I'm calling from a plain html page with JS.
So I can create some variable - so that if they are validated and if true allow access?
What's prevented them from just entering the URL in a browser and running it?
That's my main concern.
0
 
leakim971PluritechnicianCommented:
if the user just type the URL in the browser, the server check if he's not validated/loggedin/connected and provide data or not.

if the user is validated/connected/loggedin he will always be able to load the data.
using POST method, prevent someone to get data by just typing URL in a browser but there's lot of workaround
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now