Hi all,

I want to change my login page from using an UpdatePanel to a PageMethod which will be called using jQuery. Now I'm wondering if this is a safe approach? The username and password will be sent to the PageMethod and from there they will be validated, hashed and checked against the database. Client-side validation will be done using jQuery validation. One side of me thinks it's 'as dangerous' or as safe as using a normal postback, but the other side thinks it's unsafe because the call to the PageMethod is plainly visible in JS and maybe can be altered by a user.

Please give your opinion on this case or maybe you know of a safer alternative. Thanks!! Kind regards, Mark

A: 

No more dangerous than doing an AJAX login form with ASP.NET MVC or any other form post. Whether it's a postback or a PageMethod call, nothing can stop someone from using Fiddler or Firebug, etc., to see the server call. Just make sure your password check is secure on the server. If you are really concerned, institute some checks to prevent brute-force attacks. But this would be needed with your current approach too.

techphoria414
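Added example, not part of the original question or answer: a page method that repeats the input check on the server and throttles failed attempts per username, the two server-side measures the answer points to. The names `Login`, `SignIn` and `LoginThrottle`, the limits (5 failures, 15 minutes, 64 characters) and the use of `Membership.ValidateUser` in place of the poster's own hash-and-compare step are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Web.Security;
using System.Web.Services;

// Counts failed logins per username. Policy values are assumed, not from the post.
public static class LoginThrottle
{
    private const int MaxFailures = 5;
    private static readonly TimeSpan Window = TimeSpan.FromMinutes(15);
    private static readonly object Gate = new object();
    private static readonly Dictionary<string, Tuple<int, DateTime>> Failures =
        new Dictionary<string, Tuple<int, DateTime>>(StringComparer.OrdinalIgnoreCase);
    public static bool IsLocked(string user)
    {
        lock (Gate)
        {
            Tuple<int, DateTime> f;   // Item1 = failure count, Item2 = first failure (UTC)
            if (!Failures.TryGetValue(user, out f)) return false;
            if (DateTime.UtcNow - f.Item2 > Window) { Failures.Remove(user); return false; }
            return f.Item1 >= MaxFailures;
        }
    }
    public static void RecordFailure(string user)
    {
        lock (Gate)
        {
            Tuple<int, DateTime> f;
            if (!Failures.TryGetValue(user, out f) || DateTime.UtcNow - f.Item2 > Window)
                f = Tuple.Create(0, DateTime.UtcNow);   // no entry or window expired: start over
            Failures[user] = Tuple.Create(f.Item1 + 1, f.Item2);
        }
    }
    public static void Reset(string user) { lock (Gate) { Failures.Remove(user); } }
}

public partial class Login : System.Web.UI.Page   // hypothetical page class
{
    [WebMethod]
    public static bool SignIn(string username, string password)
    {
        // Re-check input here: a caller can skip the jQuery validation entirely.
        if (string.IsNullOrWhiteSpace(username) || string.IsNullOrEmpty(password) || username.Length > 64) return false;
        // Same response for "locked" and "wrong password", so the reply reveals neither.
        if (LoginThrottle.IsLocked(username)) return false;
        // Assumption: Membership.ValidateUser stands in for the poster's own hash-and-compare step.
        if (!Membership.ValidateUser(username, password)) { LoginThrottle.RecordFailure(username); return false; }
        LoginThrottle.Reset(username);
        FormsAuthentication.SetAuthCookie(username, false);
        return true;
    }
}
```

The counters live in the memory of one worker process, so an application pool recycle or a web farm needs a shared store instead. Keying on the username alone also lets a third party lock out a known account, which is why such throttles are often keyed on username plus client address.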