PageMethods security

Posted by TenaciousImpy on Stack Overflow See other posts from Stack Overflow or by TenaciousImpy
Published on 2010-03-21T01:12:49Z Indexed on 2010/03/21 1:21 UTC
Read the original article Hit count: 495

Filed under:

ASP.NET

|

pagemethods

|

AJAX

|

security

|

post

Hi,

I'm trying to 'AJAX-ify' my site in order to improve the UI experience. In terms of performance, I'm also trying to get rid of the UpdatePanel. I've come across a great article over at Encosia showing a way of posting using PageMethods. My question is, how secure are page methods in a production environment? Being public, can anyone create a JSON script to POST directly to the server, or are there cross-domain checks taking place? My PageMethods would also write the data into the database (after filtering).

I'm using Forms Authentication in my pages and, on page load, it redirects unauthenticated users to the login page. Would the Page Methods on this page also need to check authentication if the user POSTs directly to the method, or is that authentication inherited for the entire page? (Essentially, does the entire page cycle occur even if a user has managed to post only to the PageMethod)?

Thanks

© Stack Overflow or respective owner

Related posts about ASP.NET

Migrating ASP.NET MVC 1.0 applications to ASP.NET MVC 2 RTM

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
Note: ASP.NET MVC 2 RTM isn’t yet released! But this tool will help you get your ASP.NET MVC 1.0 applications ready for when it is! I have updated the MVC App Converter to convert projects from ASP.NET MVC 1.0 to ASP.NET MVC 2 RTM. This should be last the last major change to the MVC App Converter… >>> More
April 14th Links: ASP.NET, ASP.NET MVC, ASP.NET Web API and Visual Studio

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
Here is the latest in my link-listing blog series: ASP.NET Easily overlooked features in VS 11 Express for Web: Good post by Scott Hanselman that highlights a bunch of easily overlooked improvements that are coming to VS 11 (and specifically the free express editions) for web development: unit… >>> More
Use ASP.NET 4 Browser Definitions with ASP.NET 3.5

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
We updated the browser definitions files included with ASP.NET 4 to include information on recent browsers and devices such as Google Chrome and the iPhone. You can use these browser definition files with earlier versions of ASP.NET such as ASP.NET 3 Read More......(read more) >>> More
ASP.NET webforms + ASP.NET Ajax versus ASP.NET MVC and Ajax framework freedom

as seen on Stack Overflow - Search for 'Stack Overflow'
If given the choice, which path would you take? ASP.NET Webforms + ASP.NET AJAX or ASP.NET MVC + JavaScript Framework of your Choice Are there any limitations that ASP.NET Webforms / ASP.NET AJAX has vis-a-vis MVC? >>> More
ASP.NET MVC 2 Released

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
I’m happy to announce that the final release of ASP.NET MVC 2 is now available for VS 2008/Visual Web Developer 2008 Express with ASP.NET 3.5. You can download and install it from the following locations: Download ASP.NET MVC 2 using the Microsoft Web Platform Installer Download… >>> More

Related posts about pagemethods

PageMethods security

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, I'm trying to 'AJAX-ify' my site in order to improve the UI experience. In terms of performance, I'm also trying to get rid of the UpdatePanel. I've come across a great article over at Encosia showing a way of posting using PageMethods. My question is, how secure are page methods in a production… >>> More
PageMethods In ASP.NET AJAX

as seen on ASP alliance - Search for 'ASP alliance'
Page Methods is a new mechanism in ASP.NET applications where the server code can be bound to ASP.NET pages. It is an easy way to communicate asynchronously with the server using ASP.NET AJAX technologies. It is an alternate to calling the page which is reliable and carries a low risk. It is basically… >>> More
ASP.NET Ajax simultaneous PageMethods

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello, Can I call a PageMethod and then call another PageMethod before the first has finished? Are concurrent calls to PageMethods allowed? Thanks AJ >>> More
ASP.NET PageMethods and The HTTP verb POST used to access path is not allowed

as seen on Stack Overflow - Search for 'Stack Overflow'
So, I'm using URL routing with WebForms. I run locally through the Visual Studio web server, and everything is hunky-dory. I deploy locally to IIS (XP, so it's IIS5), and therefore I need to make sure that I have my app wildcard mapped so the URL routing is handled properly. However, doing this makes… >>> More
CustomValidator, pagemethods and JQuery what fun

as seen on Stack Overflow - Search for 'Stack Overflow'
Hey all, I have a CustomValidator, RequiredFieldValidator and ValidationSummary controls on an aspx page to check the current password and make sure the new password is not blank. When I click submit I get the js alert() box from the summary control telling me about just the RequiredFieldValidator… >>> More