
A secure way of sending information to a web service.

Using AJAX and web services in your application can make it richer. But passing information from the client end through Ajax is always a headache, because the information can be tampered with. The end user can change the POST parameter values and reach information that you want to hide from them (only if you are not doing the proper checks on the server side).

E.g.: Suppose the tip with id=420 is a private tip and shouldn’t be shown to public users, and you are storing the ID in a HiddenField and sending the value to the web service like this:

    // Read the tip ID from the HiddenField; the user can edit this value.
    var tipID = $("[id$=hfTipID]").val();
    var parameter = '{"tipID":"' + tipID + '"}';
    $.ajax({
        type: 'POST',
        url: webUrl,
        data: parameter
        // ......
    });

In this case somebody can edit the value of the HiddenField and send the private tip ID.
So it is better to hide how and what we are sending from the client end during the Ajax call.

Here is one of the many secure ways of sending information from the client end. If our URL already contains the information (tipID here), like …..x.aspx?tipID=500&userid=100, then we don’t have to send it to the web service through the Ajax call.

We can access the URL, parse it, and get the required information.

Here is how:

Use HttpContext.Current.Request (not HttpRequest Page.Request) to access the request object. Then access Request.UrlReferrer (because Request.Url is the web service URL). UrlReferrer is built from the request's Referer header and is null when that header is absent.

Then we can manually parse the query string as shown below and get the required information.

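    // Requires: using System; using System.Web;
    // Get the tip ID from the URL of the page that called the service.
    int parentTipID = 0;
    Uri referrer = HttpContext.Current.Request.UrlReferrer;

    // UrlReferrer is null when the request carries no Referer header.
    if (referrer == null ||
        referrer.Query.IndexOf("tipid=", StringComparison.OrdinalIgnoreCase) < 0)
    {
        // Not a valid URL from which the service is being called.
    }
    else
    {
        // Get the query, lower-cased, with a trailing "&" as terminator.
        string query = referrer.Query.ToLowerInvariant() + "&";

        // Parse it manually.
        int idStartIndex = query.IndexOf("tipid=", StringComparison.Ordinal) + "tipid=".Length;
        // Look for the "&" after the value starts, so that parameters
        // placed before tipID do not produce a negative length.
        int idEndIndex = query.IndexOf("&", idStartIndex, StringComparison.Ordinal);

        // Retrieve the ID.
        string idValue = query.Substring(idStartIndex, idEndIndex - idStartIndex);
        if (!int.TryParse(idValue, out parentTipID))
        {
            // The value is not a number; treat the request as invalid.
        }
    }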
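The "proper checks at the server side" mentioned at the start still apply to this approach, because the Referer header is sent by the client just like the hidden field value. The following is an added example, not code from the original post: it parses tipID from the referring URL and then decides access from the authenticated user. The names TipAccess, TryGetTipId and CanView, the in-memory Tips table and the example.test host are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;

static class TipAccess
{
    // Constructed sample data: tip id -> (owner user id, is private).
    static readonly Dictionary<int, (int Owner, bool IsPrivate)> Tips =
        new Dictionary<int, (int Owner, bool IsPrivate)>
        {
            { 420, (100, true) },   // the private tip from the article
            { 500, (100, false) },
        };

    // Extract tipID from the referring URL; false when missing or malformed.
    public static bool TryGetTipId(Uri referrer, out int tipId)
    {
        tipId = 0;
        if (referrer == null) return false;            // no Referer header sent
        foreach (string pair in referrer.Query.TrimStart('?').Split('&'))
        {
            string[] kv = pair.Split(new[] { '=' }, 2);
            if (kv.Length == 2 && kv[0].Equals("tipID", StringComparison.OrdinalIgnoreCase))
                return int.TryParse(Uri.UnescapeDataString(kv[1]), out tipId);
        }
        return false;
    }

    // The Referer header comes from the client, so the id is still untrusted:
    // decide access from the authenticated user, not from where the id came from.
    public static bool CanView(int authenticatedUserId, Uri referrer)
    {
        return TryGetTipId(referrer, out int tipId)
            && Tips.TryGetValue(tipId, out var tip)
            && (!tip.IsPrivate || tip.Owner == authenticatedUserId);
    }

    static void Main()
    {
        // Constructed URLs; host and page name are placeholders.
        var priv = new Uri("http://example.test/x.aspx?userid=100&tipID=420");
        var pub = new Uri("http://example.test/x.aspx?tipID=500&userid=100");
        Console.WriteLine(CanView(100, priv));  // owner of the private tip
        Console.WriteLine(CanView(200, priv));  // other user, same referrer
        Console.WriteLine(CanView(200, pub));   // public tip
        Console.WriteLine(CanView(200, null));  // no referrer
    }
}
```

In a real service the authenticated user ID would come from the server-side session or identity, never from the userid value in the URL.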

Hope this can give you some relief while using Ajax to call web services in your application.
