Security and cross domain with ASP.NET MVC JsonResult and jQuery

Question

Security and cross domain with ASP.NET MVC JsonResult and jQuery

I am using asp.net MVC to develop an application that will have ajax interactions. I have JsonResult methods in the controller returning my serialized json data. For example, when a request is executed at http://somesite.com/findwidgets/ mvc serializes the data as json and sends it back.

I use jQuery on the client side to process ajax requests and then manipulate the results. I have no problem getting the data, but I found that I can make http://somesite.com/findwidgets/ requests from the browser address bar and it will return json data as a download.

Also, how can I guarantee that others cannot just make requests and capture data using http://somesite.com/findwidgets/ ?

Is cross-domain the right topic here, or is it about other security issues?

thanks

+1

json jquery ajax asp.net-mvc cross-domain

Jeremy Jan 22 '09 at 17:13

source share

3 answers

.

0

IEnumerator 03 . '09 2:21

IsAjaxRequest() ( - , ). / , Request.UrlReferrer( ).

0

zihotki 16 . '09 23:58

Chris · Accepted Answer · 2009-01-22T17:19:30+0000

Also, how can I ensure that others cannot just make requests and grab data usage from http://somesite.com/findwidgets/ ?

, , - , , , . , , - , , . , .

, http://somesite.com/findwidgets/ json .

, JSON mime-, mime- . , .

Security and cross domain with ASP.NET MVC JsonResult and jQuery

More articles: