Solved

How to secure a WCF JSON service

Posted on 2014-01-21
5
428 Views
Last Modified: 2014-01-24
I created a basic WCF service that returns JSON.
How can I secure it so it can't be called by anyone?
I know I can use SSL to encrypt the JSON.
But how do I prevent anyone in the world from calling via JQUERY.
0
Comment
Question by:JElster
  • 3
  • 2
5 Comments
 
LVL 82

Expert Comment

by:leakim971
ID: 39796712
If anyone in the world can't call it using Ajax or any method, what is the purpose?
0
 
LVL 1

Author Comment

by:JElster
ID: 39796718
I want to prevent anyone from calling it.
Only validated users , after logging in.
0
 
LVL 82

Expert Comment

by:leakim971
ID: 39796728
so once user is validated, you create a session variable and in your web services, you check is the user is connected using the session variable
0
 
LVL 1

Author Comment

by:JElster
ID: 39796764
I'm not calling it from ASP.Net.  
I'm calling from a plain html page with JS.
So I can create some variable - so that if they are validated and if true allow access?
What's prevented them from just entering the URL in a browser and running it?
That's my main concern.
0
 
LVL 82

Accepted Solution

by:
leakim971 earned 500 total points
ID: 39796775
if the user just type the URL in the browser, the server check if he's not validated/loggedin/connected and provide data or not.

if the user is validated/connected/loggedin he will always be able to load the data.
using POST method, prevent someone to get data by just typing URL in a browser but there's lot of workaround
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hi all! Recently there was EE question and the person wanted to have a multi-column textbox <div> selection, so as a first step to answer I provided a link but that was not complete with JavaScript selection, but had a good style sheet. So as a ques…
Introduction Knockoutjs (Knockout) is a JavaScript framework (Model View ViewModel or MVVM framework).   The main ideology behind Knockout is to control from JavaScript how a page looks whilst creating an engaging user experience in the least …
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question