Print Page | Close Window

Security/Authentication

Printed From: IdeaBlade
Category: Breeze
Forum Name: Community Forum
Forum Discription: Build rich JavaScript apps using techniques you already know
URL: http://www.ideablade.com/forum/forum_posts.asp?TID=3775
Printed Date: 29-Sep-2020 at 12:28pm


Topic: Security/Authentication
Posted By: SirSmackalot
Subject: Security/Authentication
Date Posted: 07-Nov-2012 at 3:34pm
Hello,

maybe i missed something, but what can be done do secure a breeze.js application, especially not exposing the Web API without any authorization.
For example using the AntiForgeryToken is not possible because breeze encapsulates all the ajax calls. So no extra header could be used.

Greetings





Replies:
Posted By: jtraband
Date Posted: 14-Nov-2012 at 7:29pm
It been awhile since you posted this, but take a look at our new pluggable ajax support in v 0.70.1.  Please let us know if this does or doesn't handle your issues. 


Posted By: SirSmackalot
Date Posted: 17-Nov-2012 at 8:59am
Hi,

i have not tried it, will do so next week. Here ist something which might be useful:

http://stackoverflow.com/questions/11476883/web-api-and-validateantiforgerytoken
and
(followup of the previous link)
http://stackoverflow.com/questions/11725988/problems-implementing-validatingantiforgerytoken-attribute-for-web-api-with-mvc/11726560#11726560

This way the .NET AntiforgeryToken could be used. Maybe someone finds that useful.

With the plugable header this is possible :)

Greets



Print Page | Close Window