Securing ATLAS Web Services?

28 August 2006
The Microsoft ATLAS Ajax framework makes heavy use of web services to get data from the server to display on a page via JavaScript. I implemented some ATLAS pages in a web that uses a custom form-based authentication method. I'm using the ASP.NET session state to keep track of the currently logged-on user. For the ATLAS web services this didn't work because I got exceptions when accessing the session object.

So for a while I was running with unsecured web service methods; checking the referrer server variable is in no way a secure method. But somehow I ran into the EnableSession property of the WebMethod attribute. By default, for performance reasons, web methods don't have access to the session state. By setting:
[WebMethod(Description = "method description", EnableSession = true)]
this changes and I can now access my authentication object to check for the current user.

This should also work for other authentication methods like the ones built into ASP.NET.
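
A sketch of the session check inside a web service class, added here as an illustration and not the code from the site described above. The class name, the "CurrentUser" session key and the sample data are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Security;
using System.Web.Services;

[WebService(Namespace = "http://example.invalid/notes")]
public class NotesService : WebService
{
    // Assumed key under which the custom login page stores the user name.
    private const string UserKey = "CurrentUser";

    // Constructed sample data standing in for a real data store.
    private static readonly Dictionary<string, string[]> Notes =
        new Dictionary<string, string[]>
        {
            { "alice", new string[] { "renew certificate", "rotate API key" } },
            { "bob",   new string[] { "review firewall rules" } }
        };

    // Returns the logged-on user name or throws. Call it first in every method.
    private string RequireUser()
    {
        // Session is null when the calling method lacks EnableSession = true.
        // Fail with a clear message instead of a NullReferenceException.
        if (Session == null)
            throw new InvalidOperationException(
                "EnableSession = true is missing on this web method.");

        string user = Session[UserKey] as string;
        if (String.IsNullOrEmpty(user))
            throw new SecurityException("Not logged on.");
        return user;
    }

    [WebMethod(Description = "Notes of the logged-on user", EnableSession = true)]
    public string[] GetMyNotes()
    {
        // The user comes from the server-side session, never from a
        // parameter sent by the page's JavaScript.
        string user = RequireUser();

        string[] result;
        return Notes.TryGetValue(user, out result) ? result : new string[0];
    }
}
```

EnableSession is set per method, so each web method that calls the check needs it on its own attribute.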
