I have the following scenario, and what I am really looking for is real help from real people. Suggestions / solutions? Please.
I have an extranet web site, e.g. www.foo.com (ASP.NET 3.5). I am using jQuery 1.3.2 to call the ValidateLogin PageMethod in the default.aspx page (www.foo.com/default.aspx).
The code looks like this:
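    // POST the credentials as JSON to the ValidateLogin page method.
    // `arg` is built elsewhere in default.js (not shown here).
    $.ajax({
        type: "POST",
        contentType: "application/json; charset=utf-8",
        dataType: "json",
        url: "Default.aspx/ValidateLogin",
        data: '{' + arg + '}',
        success: function(data) {
            // ASP.NET 3.5 wraps the page method's return value in `d`.
            if (data.d != 0) {
                window.location = "http://www.google.com";
            } else {
                alert("Invalid UserName/Password.");
                ResetLoginForm();
            }
        },
        error: function(xhr, status, error) {
            // Report the HTTP status code and error text, then reset the form.
            var strerror = xhr.status + error;
            alert("Error Communicating with Server:" + strerror);
            ResetLoginForm();
        }
    });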
The code is stored in an external JS file, e.g. default.js.
Since this website is public, anyone can download default.js and thus take a look at the code given above.
My question is: once a person gets this url: "Default.aspx/ValidateLogin", he can make a request to the server and the server will proudly respond to the request.
What are my options here? How do I validate the request? How do I prevent these kinds of unauthorized requests?