I am using wcf services for interaction between my javascript files and server side.
I am concerened about security around this as anyone can call these services via an application, firebug etc.
So I want to secure my 开发者_JAVA百科web services to only be accessible from specified sources, for example the javascript files on my site - ie. the main function why I have wcf services.
I am running on the .net 3.5 framework in a c# web application.
Could anyone assist my securing my wcf services as outlined above?
If this is a combination of javascript and server side , you can probably generate a Key from the server side and store it in the javascript variable and pass again to the WCF webservices.
Kobe's answer of generated request keys is definitely one possible way. Given that your services are running on the same machine as your UI code, another way to limit access would be to set them up as regular services and not Web Services. That is of course assuming you don't need them to be Web Services.
Check out the cool work that the WCF team has done/ is doing with jQuery and WCF.
精彩评论