New Posts New Posts RSS Feed: Security/Authentication
  FAQ FAQ  Forum Search   Calendar   Register Register  Login Login

Security/Authentication
 Post Reply Post Reply
Author
  Share Topic Share Topic  Topic Search Topic Search  Topic Options Topic Options
SirSmackalot View Drop Down
Newbie
Newbie


Joined: 22-Oct-2012
Posts: 4 		Post Options Post Options   Quote SirSmackalot Quote  Post ReplyReply Direct Link To This Post Topic: Security/Authentication
    Posted: 07-Nov-2012 at 3:34pm
Hello,

maybe i missed something, but what can be done do secure a breeze.js application, especially not exposing the Web API without any authorization.
For example using the AntiForgeryToken is not possible because breeze encapsulates all the ajax calls. So no extra header could be used.

Greetings
Back to Top
jtraband View Drop Down
IdeaBlade
IdeaBlade
Avatar

Joined: 19-Sep-2012
Posts: 55 		Post Options Post Options   Quote jtraband Quote  Post ReplyReply Direct Link To This Post Posted: 14-Nov-2012 at 7:29pm
It been awhile since you posted this, but take a look at our new pluggable ajax support in v 0.70.1.  Please let us know if this does or doesn't handle your issues. 
Back to Top
SirSmackalot View Drop Down
Newbie
Newbie


Joined: 22-Oct-2012
Posts: 4 		Post Options Post Options   Quote SirSmackalot Quote  Post ReplyReply Direct Link To This Post Posted: 17-Nov-2012 at 8:59am
Hi,

i have not tried it, will do so next week. Here ist something which might be useful:

http://stackoverflow.com/questions/11476883/web-api-and-validateantiforgerytoken
and
(followup of the previous link)
http://stackoverflow.com/questions/11725988/problems-implementing-validatingantiforgerytoken-attribute-for-web-api-with-mvc/11726560#11726560

This way the .NET AntiforgeryToken could be used. Maybe someone finds that useful.

With the plugable header this is possible :)

Greets
Back to Top
 Post Reply Post Reply

Forum Jump Forum Permissions View Drop Down