How to secure your AJAX target actions from being called directly in PHP and C# .NET
"How to better secure an AJAX controller action" has been a problem waiting to be solved in my head for quite some time. Today, as my current project also uses AJAX, I took some time to google this topic and found a way to slightly secure my AJAX controller action. This is the article I found: How to secure your AJAX target actions from being called directly, for Zend Framework projects. A CodeIgniter version: http://www.crustiz.com/php-jquery/how-to-secure-ajax-controller-codeigniter-php/
When I finished reading those, I thought there ought to be a similar feature in C# .NET MVC, and after trying different search keyword combinations I found the method that does the trick: "HttpContext.Request.IsAjaxRequest()" (this is the MVC 1.0 style; in MVC 2 or above you can use "Request.IsAjaxRequest()"). I also saw some threads on Stack Overflow about HttpContext.Request.IsAjaxRequest() not working well with jQuery, but I haven't figured out which versions of MVC and jQuery those involved, as Request.IsAjaxRequest() in MVC 4 with jQuery 1.5.1 works well for me.
Some sample code showing MVC and jQuery working together: http://www.billsternberger.net/tag/httpcontext-request-isajaxrequest/
You can even turn the check into an action filter: http://www.jamie-dixon.co.uk/mvc/replacing-request-isajaxrequest-with-actionfilter/
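A sketch of the action-filter approach, added here as an example and not taken from this post or the linked articles. It assumes an ASP.NET MVC 4 project referencing System.Web.Mvc; `AjaxOnlyAttribute`, `CommentController` and `Add` are hypothetical names. Because the AJAX marker is supplied by the client, the example pairs the check with `[Authorize]` and `[ValidateAntiForgeryToken]`, which carry the actual access control.

```csharp
// Added example. Assumes ASP.NET MVC 4 (System.Web.Mvc).
// AjaxOnlyAttribute and CommentController are hypothetical names.
using System;
using System.Web.Mvc;

[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public sealed class AjaxOnlyAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        // IsAjaxRequest() only looks for the "X-Requested-With: XMLHttpRequest"
        // marker. The client supplies that value, so this check keeps browsers
        // from navigating to the action directly but is not an access control.
        if (!filterContext.HttpContext.Request.IsAjaxRequest())
        {
            // Setting Result short-circuits the pipeline: the action never runs.
            filterContext.Result = new HttpNotFoundResult();
            return;
        }
        base.OnActionExecuting(filterContext);
    }
}

public class CommentController : Controller
{
    [HttpPost]                  // state-changing call: POST only
    [Authorize]                 // caller must be authenticated
    [ValidateAntiForgeryToken]  // needs the token from @Html.AntiForgeryToken()
    [AjaxOnly]                  // reject plain (non-AJAX) requests with a 404
    public ActionResult Add(string text)
    {
        // Validate input server-side regardless of how the request arrived.
        if (string.IsNullOrWhiteSpace(text))
        {
            return new HttpStatusCodeResult(400);
        }
        return Json(new { ok = true, length = text.Length });
    }
}
```

The jQuery call must post the `__RequestVerificationToken` field along with `text`, otherwise `[ValidateAntiForgeryToken]` rejects the request before the filter runs.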
Reviewed by DF on 8:00:00 PM