1. #1



    just looking at coolite and wondering how all the json stuff fits in with the forms authenitication?

    E.g in this example

    it is using a handler

    and in this example

    it is wrapping an object datasource in a

    which uses a JsonReader.

    the datasource has parameters

    the store has

    My question is what is exposed to the client side?
    What parameters do I have to validate?

    Does the page act as the handler and use the same security on an ajax request.

    For the first example can the handler be secured using forms authentication,
    and get access to the current user via Membership.GetUser,
    and then to calculate what the handler returns based on the logged in user?

    How does the ajax used in coolite compare to the ajax used by microsoft?


  2. #2

    RE: Security

    How does the ajax used in coolite compare to the ajax used by microsoft?
    It should be handled just the same. I was hoping to post a full sample for you, but just haven't had the time.*

    If the authentication is stored in a cookie (FormsAuthentication), then the same standard issue cookies with*ASP.NET_SessionId information*are sent with every request. If you're requesting from a '.NET' endpoint (.aspx, .ashx, .asmx, WCF, MVC, etc) the request is handled by the same .NET pipeline as all requests.*

    The user token can be retrieved as normal since it's fetched from the Request object (cookie).*

    It just so happens that the Response is a Json formatted &#100;ocument. The Request knows nothing (and doesn't care) about the Response.

    Hope this helps.

    Geoffrey McGill
  3. #3

    RE: Security

    Yep, I just ran a quick test with the MVC sample application ( and the User Identity object is fully accessible during a Json Request (really a Json Response).*


    throw new Exception(this.User.Identity.Name); // works, throws exception with "demo"

    Geoffrey McGill

Similar Threads

  1. [CLOSED] Security Error when using History control in IE6
    By jthompson in forum 1.x Legacy Premium Help
    Replies: 12
    Last Post: Feb 17, 2012, 6:16 AM
  2. Security issues with javascript console
    By dimitar in forum 1.x Help
    Replies: 2
    Last Post: Dec 17, 2010, 11:10 AM
  3. Core ASP.NET security vulnerability
    By r_honey in forum Open Discussions
    Replies: 0
    Last Post: Sep 21, 2010, 5:33 AM
  4. Login & Security
    By ttbsoftware in forum 1.x Help
    Replies: 0
    Last Post: Aug 17, 2010, 12:56 AM
  5. System Security Exception
    By jaydwire2 in forum 1.x Help
    Replies: 0
    Last Post: Jul 31, 2009, 3:38 PM

Posting Permissions