Print Page | Close Window


Printed From: IdeaBlade
Category: Breeze
Forum Name: Community Forum
Forum Discription: Build rich JavaScript apps using techniques you already know
Printed Date: 22-May-2022 at 8:53pm

Topic: Security/Authentication
Posted By: SirSmackalot
Subject: Security/Authentication
Date Posted: 07-Nov-2012 at 3:34pm

maybe i missed something, but what can be done do secure a breeze.js application, especially not exposing the Web API without any authorization.
For example using the AntiForgeryToken is not possible because breeze encapsulates all the ajax calls. So no extra header could be used.


Posted By: jtraband
Date Posted: 14-Nov-2012 at 7:29pm
It been awhile since you posted this, but take a look at our new pluggable ajax support in v 0.70.1.  Please let us know if this does or doesn't handle your issues. 

Posted By: SirSmackalot
Date Posted: 17-Nov-2012 at 8:59am

i have not tried it, will do so next week. Here ist something which might be useful:
(followup of the previous link)

This way the .NET AntiforgeryToken could be used. Maybe someone finds that useful.

With the plugable header this is possible :)


Print Page | Close Window