Apr 23, 2009, 11:02 AM
Security
Hi,
Just looking at Coolite and wondering how all the JSON stuff fits in with ASP.NET forms authentication?
E.g. in this example
https://examples1.ext.net/#/GridPane...s/Json_Reader/
it is using a handler,
and in this example https://examples1.ext.net/#/GridPane...g_and_Sorting/
it is wrapping an object datasource in an <ext:Store> tag which uses a JsonReader.
The datasource has parameters
start
limit
sort
dir
The store has
RemoteSort="true"
My question is: what is exposed to the client side?
What parameters do I have to validate?
Does the page act as the handler and use the same security on an AJAX request?
For the first example, can the handler be secured using forms authentication, get access to the current user via Membership.GetUser, and then calculate what the handler returns based on the logged-in user?
How does the AJAX used in Coolite compare to the ASP.NET AJAX used by Microsoft?
Thanks
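
An added example (not part of the original post and not Coolite code) of a handler that treats start, limit, sort and dir as untrusted input and takes the user from forms authentication rather than from the request. The handler name, the Row type, the sample rows, the column allow-list, the limit cap, the ASC/DESC values and the total/rows response shape are all assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Script.Serialization;
using System.Web.Security;

// Added example: every name below is hypothetical, chosen for illustration.
public class Row { public string Owner; public string Name; public decimal Price; }

public class RowsHandler : IHttpHandler
{
    private const int MaxLimit = 100; // assumed upper bound on page size
    // Allow-list: the client's "sort" value only selects one of these server-side keys.
    private static readonly Dictionary<string, Func<Row, IComparable>> SortKeys =
        new Dictionary<string, Func<Row, IComparable>>
        { { "Name", r => r.Name }, { "Price", r => r.Price } };
    // Constructed sample data standing in for the real data source.
    private static readonly List<Row> Rows = new List<Row> {
        new Row { Owner = "alice", Name = "Widget", Price = 9.5m },
        new Row { Owner = "bob",   Name = "Gadget", Price = 20m } };

    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        // The user comes from the forms-authentication identity, never from a parameter.
        MembershipUser user = context.User.Identity.IsAuthenticated ? Membership.GetUser() : null;
        if (user == null) { context.Response.StatusCode = 403; return; }

        // start, limit, sort and dir arrive from the browser: parse, bound and allow-list them.
        HttpRequest q = context.Request;
        int start = 0, limit = 0;
        Func<Row, IComparable> key = null;
        string dir = q["dir"] ?? "ASC";
        bool ok = int.TryParse(q["start"], out start) && start >= 0
               && int.TryParse(q["limit"], out limit) && limit >= 1 && limit <= MaxLimit
               && SortKeys.TryGetValue(q["sort"] ?? "Name", out key)
               && (dir == "ASC" || dir == "DESC");
        if (!ok) { context.Response.StatusCode = 400; return; }

        // Filter by the logged-in user before sorting and paging.
        IEnumerable<Row> mine = Rows.Where(r => r.Owner == user.UserName);
        IEnumerable<Row> sorted = dir == "DESC" ? mine.OrderByDescending(key) : mine.OrderBy(key);
        var page = sorted.Skip(start).Take(limit).Select(r => new { r.Name, r.Price }).ToList();

        context.Response.ContentType = "application/json";
        context.Response.Write(new JavaScriptSerializer().Serialize(
            new { total = mine.Count(), rows = page }));
    }
}
```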