Security/Authentication
Printed From: IdeaBlade
Category: Breeze
Forum Name: Community Forum
Forum Discription: Build rich JavaScript apps using techniques you already know
URL: http://www.ideablade.com/forum/forum_posts.asp?TID=3775
Printed Date: 20-Apr-2024 at 12:51pm
Topic: Security/Authentication
Posted By: SirSmackalot
Subject: Security/Authentication
Date Posted: 07-Nov-2012 at 3:34pm
Hello,
maybe i missed something, but what can be done do secure a breeze.js application, especially not exposing the Web API without any authorization.
For example using the AntiForgeryToken is not possible because breeze encapsulates all the ajax calls. So no extra header could be used.
Greetings
|
Replies:
Posted By: jtraband
Date Posted: 14-Nov-2012 at 7:29pm
|
It been awhile since you posted this, but take a look at our new pluggable ajax support in v 0.70.1. Please let us know if this does or doesn't handle your issues.
|
Posted By: SirSmackalot
Date Posted: 17-Nov-2012 at 8:59am
Hi,
i have not tried it, will do so next week. Here ist something which might be useful:
http://stackoverflow.com/questions/11476883/web-api-and-validateantiforgerytoken
and
(followup of the previous link)
http://stackoverflow.com/questions/11725988/problems-implementing-validatingantiforgerytoken-attribute-for-web-api-with-mvc/11726560#11726560
This way the .NET AntiforgeryToken could be used. Maybe someone finds that useful.
With the plugable header this is possible :)
Greets
|
|