0

Ok, so I am kind of new to jQuery and web programming in general, (though I have been doing web services and SharePoint related C# for a few years, but only ever with an internal setup where security wasn't an issue) But now I am looking to create a public website that pulls information from an internal Database. I know how I can implement a web service and I know how I can make it secure. However I then need to call the web service using Jquery from a page. I know how to do this as well.

What I am struggling with is how to secure that. If I am able to call the web service from my page, what's to stop person XYZ from coming along, stealing my Jquery/Code and accessing MY web service with THIER website? how can I stop this, I've thought about ways to encrypt the data/authenticate, but anything I do can be accessible then because they can just view whatever I do in the Jquery.

any suggestions on how I would go about securing my web service so only people from my website could access it would be great.

Nikerym
  • 515
  • 3
  • 12

2 Answers2

0

A good start would be to use basic http authentication. I assume you'll find a way to implement it on the server side. Here is the jQuery client example How to use Basic Auth with jQuery and AJAX?.

A should notify you that your next problem will probably be Origin is not allowed by Access-Control-Allow-Origin.

Community
  • 1
  • 1
Dejan
  • 31
  • 1
0

Make sure you authenticate users before they can access your service, and validate on the server that a user can't do anything they aren't allowed to do. That way, regardless of whether they are accessing the service from your website on their own code, they can't do anything they aren't allowed to.

Jason P
  • 26,984
  • 3
  • 31
  • 45