How do I protect a webservice if it is called from ajax ?
Update: I realize that my question didn't reflect what I intended to ask. I don't want user to be able to do the request by pointing to it with its webbrowser but only in the context of my app.
ajax still communicates over http. just secure the http and make sure the user/client has established a session before allowing further http calls.
Hi,
@Steven is right, no matter which language you are using, just verify that session is not new, or that user is authenticated, exactly like writing simple authentication mechanism on server side.