.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

How to secure a web service consumed with AJAX

Posted By:      Posted Date: September 23, 2010    Points: 0   Category :ASP.Net

When a web service is consumed from server side, the web service may be implemented in a way to check credentials of the caller. In the case of calling the web service from javascript, how to secure the service since no credentials can be passed into a javascript function becuase of the visibility in source view? 

View Complete Post

More Related Resource Links

Cutting Edge: Building A Secure AJAX Service Layer


This month Dino builds a service layer that authenticates users of Silverlight 2 and ASP.NET AJAX services to prevent illegal access to sensitive back-end services.

Dino Esposito

MSDN Magazine September 2008

Extreme ASP.NET: Client-Side Web Service Calls with AJAX Extensions


Microsoft AJAX Library and the ASP.NET 2.0 AJAX Extensions provide a number of compelling features ranging from client-side data binding, to DHTML animations and behaviors. Learn all about them here.

Fritz Onion

MSDN Magazine January 2007

With Anonymous access disabled, is there any way to use an AJAX-enabled WCF Service?

I have a website where anonymous access is disabled but I want to user an ajax-enabled WCF service. Configuring the service's binding security to use "TransportCredentialOnly" with clientCredentialType="Windows" seems like the obvious thing to do; indeed, many posts in various places suggest this approach. Unfortunately, however, it doesn't work. I always get the error "Security settings for this service require 'Anonymous' Authentication but it is not enabled for the IIS application that hosts this service." How can I configure the service to function correctly. I'm running IIS 7.5 with .Net framework 4.0. Thanks.

How to Programatically SetCredentials for Secure Store Service Application in Sharepoint 2010 using

I have to setup Credentials for Secure Store Service application programatically. To get Stored Credentials I have following code and its working fine. using (SPSite site = new SPSite("http://vtlssp2010Dev")) //using (SPSite site = new SPSite("http://" + System.Environment.MachineName + "/sites/Site_Name"))d { Console.WriteLine(site.RootWeb.CurrentUser.Name); SPServiceContext context = SPServiceContext.GetContext(site); prov.Context = context; try { SecureStoreCredentialCollection cc = prov.GetCredentials(appID); foreach (SecureStoreCredential c in cc) { IntPtr ptr = System.Runtime.InteropServices.Marshal.SecureStringToBSTR(c.Credential); string sDecrypString = System.Runtime.InteropServices.Marshal.PtrToStringUni(ptr); Console.WriteLine(sDecrypString); } } catch (Exception ex) { Console.WriteLine("Unable to get credentials for application " + appID); Console.WriteLine(ex.Message); } Console.ReadLine(); } } All I want is to programmatically do set credentials like explained in this example on msdn. http://msdn.microsoft.com/en-us/library/ff798456.aspx Please help. Shamshad Ali  

Secure Service Store and custom web application.

 Hello All,  I have a problem for which I would like to use the Secure Service Store.  I've searched for similar solutions involving the SSS but I've not had any success yet.  Maybe I'm missing something obvious or going about it the wrong way.   We have an external application (actually, a number of external applications) we'd like to embed in our SharePoint site using an iframe or the Page Viewer web part.  The embedded application uses a custom forms based authentication scheme and I want to prevent the situation where a user has to log into our application then log into the embedded application.  Is there anything available the help post the credentials from SSS to the custom application?  The only think I can think to do is write some code that mimics a post to the login page of the embedded app and, if needed, write a stripped down or simpler login page for the embedded app to make that easier.  For my immediate task I have quite a bit of control over the source of both application and could write custom code on both sides if I had to, but I'd rather have a solution that only involve configuration or, at most, custom code on the SharePoint side.  Thanks,  Brandon 

Sharepoint Search and Secure Store Service not working

Hi There I am having issues with a few Sharepoint Services When I try to search for a document on any SharePoint site, I recieve an "Internal Server Error Exception". However when I checked the log files, I couldn't find any error messages matching with the given correlation ID. The search was working 2-3 weeks ago. Also 2 weeks ago, I started receiving warnings in the Health Analyzer saying “The Security token service is not available”. I am wondering if the security token service breaking down is related to the search issues, and if so what suggestions I could try to fix this issue. I am also unable to access the secure store service. In Central Administration->Application Management->Manage Service Applications, I try to click on the Secure Store Service, but there is no Proxy attached to the service, and I receive a message “No Secure Store Service Application Proxy ID was found”. When I check the Logfile, I receive these errors: 08/10/2010 11:11:32.94               w3wp.exe (0x18E4)                                      0x0ADC SharePoint Foundation     &nb

How to get all Secure Store Service (SSS) applications in the farm

Hello everyone, I am trying to use SharePoint 2010 Secure Store Service (next SSS) in my application to get credentials to external system. Is there any way to get all possible applications (IDs) from API provided. Currently I am using next code to get all applications: SecureStoreProvider provider = SecureStoreProviderFactory.Create() as SecureStoreProvider;             provider.Context = SPServiceContext.GetContext(SPServiceApplicationProxyGroup.Default, SPSiteSubscriptionIdentifier.Default);             if (provider != null)             {                 foreach (var app in provider.GetTargetApplications())                 {                     Console.WriteLine(app.Name);                 }             } However it depends on SPServiceApplicationProxyGroup.Default and SPSiteSubscriptionIdentifier.Default parameters. So in case I remove SSS from

Create a new target application - Secure Store Service administration issues

Hi,I am trying to create new target application, when I go to Secure Store Service in Centra admin I have:Cannot complete this action as the Secure Store Shared Service is not responding. Please contact your administrator.I have used this few days ago and avarything else is working fine on the server, and I have applications created with it running fine.Any help is appreciated.cheersValko

Ajax issue: delay in getting data from web service using innerHTML, please guide

I am working on an ajax application which will display about a million records in an html table. Web service returns records from server, I build a logn string by concatinating data and tags and than put this string using innerHTML (not using DOM for getting better performance). For testing I have put 6000 recods in database (stored procedure takes about 4 seconds in completion of its execution). While testing on local system (database and application on same machine) it took about 5 minutes to display the records in page. After deplying on web server it did not responde even for more time. It looks very low performance. I put records in a CSV file and its weight was less than 2 MB. I couldn't understand why string concatinations to build html table and putting string in innerHTML is taking such a huge time (if it is the issue). Requiment is to show about million records in web page but performance on just 6000 records is disappointing. I am not gettign what to do to increase performance. Kindly guide me and help me.  

Adding AJAX-enabled WCF Service to the Solution throws an error

Hi I am just trying to learn Ajax enabled WCF service, when I try to create a new web application and add new item "AJAX-enabled WCF Service" I get an error message that "The extension of type 'System.ServiceModel.Configuration.WebScriptEnablingElement, System.ServiceModel.Web, Version=, Culture=neutral, PublicKeyToken=31bf3856ad364e35' is not registered in the extension collection 'behaviorExtensions'. I had .net2.0/VS2005 and then I installed VS2008. I thought it might be an issue with Machine.config. So I am attaching my machine.config info. <?xml version="1.0" encoding="UTF-8"?>    <!--    Please refer to machine.config.comments for a description and    the default values of each configuration section.     For a full documentation of the schema please refer to    http://go.microsoft.com/fwlink/?LinkId=42127     To improve performance, machine.config should contain only those    settings that differ from their defaults.    -->    <configuration>      <configSections>    <section name="appSettings" type="System.Configuration.AppSettingsSection, System.Configuration, Version=, Culture=neutral, Publi

Problem when ajax enabled WCF Service returns EDM Objects

Hi there, Could you please help me with the following problem? - I have ajax enabled WCF service. It returns Customer Entity Type.  For example: [OperationContract]             public List<Customer> GetCustomers()        {            using (NorthwindEntities context = new NorthwindEntities())            {                return context.Customers.Take(10).ToList();            }        }  - But AJAX Client Library cannot display Customer( as Entity). I cannot see data in browser. Even it hits the breakpoint and returns 10 customers. - But if I make a plain class called "Customer2" with same fields and copy all the "Customer" into "Customer2" then it works. In this case I return List<Customer2>. Then it works like a champ and I can see customer in AJAX/DataView/List. - Why I need to create a class? Is this JSON problem? DataView accepts JSON data format. - I use VS2010, AJAX 4.0. - Do I need to add something else along with [OperationContract].   Regards, Rajan  

How to view AJAX-enabled WCF service (.svc) file in browser

Hi I have created an AJAX-enabled WCF project TestWCFAjax having Default.aspx that uses the Add.svc web service.  When I select Default.aspx and run the app in VS 2008. It works perfectly, calls the webservice to do the desired task. But, I have following questions: 1. When I select the Add.svc.cs and run through VS2008, it throws an error "The type 'TestWCFAjax.Add', provided as the Service attribute value in the ServiceHost directive could not be found.". And the web url on the browser points to http://localhost:4960/Add.svc. I didn't create any virtual directory. I tried creating one that points to my application folder - TestWCFAjax. Still it doesn't work. How can I view Add.svc service on the browser like what we can do with normal WCF service? 2. How can I use Add.svc (AJAX-enabled WCF Service) in another web application? Regards

Master Page, web service and Ajax autocomplete extender problem.

 I will appreciate very much any help about this issue.  I have been dealing with it for the last week and I couldn't detail and complete examples about this issue. The problem: I have a text box and ajax autocomplete control extender in my Master Page that it is not working at all.  When I type some characters on the text box it doesn't trigger the autocomplete. I have a web service that contains the function code. I est my code on a single Web Page (No Master Page) and it works perfectly.  Also, it works fine if I include the text box and the extender on the Content Page instead of on the Master Page.  It is important to keep the text box in the Master Page for me. I am using Visual Studio 2008 and ASP 3.5.   tHANK YOU VERY MUCH. here is my code:   MASTER PAGE. <%@ Master Language="VB" AutoEventWireup="true" CodeFile="MasterPage.master.vb" Inherits="MasterPage" %> <%@ Register assembly="AjaxControlToolkit" namespace="AjaxControlToolkit" tagprefix="ajax" %> <%@ Import Namespace = "System.Data" %> <%@ Import Namespace = "System.Data.SQLClient" %> <%@ Import Namespace = "System.Web.Script.Services" %> <%@ Import Namespace="System.Web" %> <%@ Import Namespace="System.Web.Services&

Issues with secure token service

Recently, I converted my sharepoint site from classic authentication to claims based, using ldap.  I finally got the Ldap connection to work, but my secure token service is not working. When I try to log in, I just get taken to an error page. I know the LDAP is working because when I search for users under "add users," people show up under my forms auth.  In central administration, it says the Security Token Service is not available. The explanation states that it is not issuing tokens and could be malfunctioning or in a bad state. When I look at my event logs, I get two errors. The first one says, "Could not connect to http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc. TCP error code 10061: No connection could be made because the target machine actively refused it" The other entry, which is only a warning, is a lot more helpful. The source is ASP.NET 2.0.50727.0 and the task category is web event. Here are the contents:
<script> function Toggle(node) { if (!window.fullyLoaded) return; // Expand the branch? if (node.nextSibling.style.display == 'none') { // Change the sign from "+" to "-". var tBodyNode = node.childNodes[0]; var trNode = tBodyNode.childNodes[0]; var tdNode = trNode.childNodes[0]; var bNode = tdNode.childNodes[0]; var textNode = bNode.childNodes[0]; i

can we use jsonp with a ajax enable wcf service?

Hi all, can we use jsonp with a ajax enable wcf service? (not ado.net data services but an ajax enable wcf service). THanks -Nen

How to configure secure communication between web client in DMZ and WCF-service in domain



I have a question regarding security in this scenario:

In the DMZ I have an server hosting my Web application. I'm using HTTPS between the user/browser and my web application (using certificate).

My web application is supposed to communicate with a service behind the firewall (inside the domain) hosted in IIS 7.
I'm using wsHttpBinding between my web application and the WCF-service.If I have this security configuration everything works fine:

<binding name="WSHttpBinding_ServiceLong" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:20:30" <br/>

How to get web service address in a ajax enabled page to use it in javascript


Hii everyone,

I have a requirement where I am using web service from  a server and adding that to a client

website .I have referenced the web service in my client web site  but not able to get the

address of web service. When I click on the path I get the disco file of web service and

the result is not displayed.My code is like this

</p><p>&lt;script&nbsp; language="javascript"&gt;

&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; function btnadd_Click() {

&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; var x = document.getElementById('txtA').value;
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; var y = document.getElementById('txtB').value;
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; var ans = WebService.Add(parseInt(x), parseInt(y), OnComplete, OnTimeOut, onerror);
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; return true;
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }


ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend