Is the web method in the code safe, like the page on which it is included?

Question

Is the web method in the code safe, like the page on which it is included?

This is a bit confusing to me. I would suggest that the web method will follow the same authorization rules that are set in web.config as the page on which it is included. Will it perform the normal page life cycle in the first place? In my case, there is additional logic on the base page that checks for additional permissions. Will this logic be executed before the web method is called to prevent access by users who do not have access to this page?

+8

c # asp.net

Mike Aug 23 '11 at 12:55

source share

2 answers

The bottom line is a web method that is much less secure than using the asmx web method. Although you may have a method that depends on /default.aspx/MyWebMethod, it will not receive any built-in form protection and can be called from anywhere in your application.

+1

Donnie Aug 23 '11 at 15:32

source share

Martin · Accepted Answer · 2011-08-23T14:07:20+0000

The web method must be static, and it does not conform to the normal ASP.NET lifecycle.

In the web method, you cannot access the session or controls on the page.

Since it will not go through all the events, I don’t think your PreInit will be called, so you cannot restrict access through it.

Is the web method in the code safe, like the page on which it is included?

More articles: