DevForce Community Forum : Security/Authentication

DevForce Community Forum : Security/Authentication http://www.ideablade.com/forum/ This is an XML content feed of; DevForce Community Forum : Community Forum : Security/Authentication Fri, 10 Apr 2026 19:15:23 -700 Sat, 17 Nov 2012 08:59:25 -700 http://blogs.law.harvard.edu/tech/rss Web Wiz Forums 9.69 360 www.ideablade.com/forum/RSS_post_feed.asp?TID=3775 DevForce Community Forum http://www.ideablade.com/forum/forum_images/IdeaBlade_logo_tm.png http://www.ideablade.com/forum/ Security/Authentication : Hi,i have not tried it, will do... http://www.ideablade.com/forum/forum_posts.asp?TID=3775&PID=15234#15234 Author: SirSmackalot
Subject: 3775
Posted: 17-Nov-2012 at 8:59am

Hi,

i have not tried it, will do so next week. Here ist something which might be useful:

http://stackoverflow.com/questions/11476883/web-api-and-validateantiforgerytoken
and
(followup of the previous link)
http://stackoverflow.com/questions/11725988/problems-implementing-validatingantiforgerytoken-attribute-for-web-api-with-mvc/11726560#11726560

This way the .NET AntiforgeryToken could be used. Maybe someone finds that useful.

With the plugable header this is possible :)

Greets
]]> Sat, 17 Nov 2012 08:59:25 -700 http://www.ideablade.com/forum/forum_posts.asp?TID=3775&PID=15234#15234 Security/Authentication : It been awhile since you posted... http://www.ideablade.com/forum/forum_posts.asp?TID=3775&PID=15204#15204 Author: jtraband
Subject: 3775
Posted: 14-Nov-2012 at 7:29pm

It been awhile since you posted this, but take a look at our new pluggable ajax support in v 0.70.1. Please let us know if this does or doesn't handle your issues. ]]> Wed, 14 Nov 2012 19:29:34 -700 http://www.ideablade.com/forum/forum_posts.asp?TID=3775&PID=15204#15204 Security/Authentication : Hello,maybe i missed something,... http://www.ideablade.com/forum/forum_posts.asp?TID=3775&PID=15135#15135 Author: SirSmackalot
Subject: 3775
Posted: 07-Nov-2012 at 3:34pm

Hello,

maybe i missed something, but what can be done do secure a breeze.js application, especially not exposing the Web API without any authorization.
For example using the AntiForgeryToken is not possible because breeze encapsulates all the ajax calls. So no extra header could be used.

Greetings

]]> Wed, 07 Nov 2012 15:34:45 -700 http://www.ideablade.com/forum/forum_posts.asp?TID=3775&PID=15135#15135