Safe SPA

  • Question

  • User-1350516731 posted

    I made a site which approaches under SPA determination. But it loads different actions of the controller on ajax, i.e. the user can address to separate action of the controller, having simply entered it in an address line. How to make such action of the user safe for application and other users? Any counsel will be useful.

    Wednesday, August 28, 2013 3:09 PM

Answers

  • User-105429085 posted

    Authentication and authorization are needed for sure.

    In VS2012 SPA template, we use a hybrid approach with MVC and webapi to solve the authentication problem. Also see http://www.asp.net/single-page-application/overview/templates/backbonejs-template which offers a webapi/SPA only solution.

    In VS2013 preview and the upcoming VS2013 RC SPA template, we use a webapi-only approach as well; check them out for some basic ideas.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, August 29, 2013 2:17 PM

All replies

  • User1080785583 posted

    If the user can change the URL and affect the application, you must check if the user has access to the resource.

    Friday, September 13, 2013 5:32 PM
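
An added example, not from any of the posts above, of what the replies describe, written for ASP.NET MVC: `[Authorize]` requires a logged-in user for every action, and the action checks ownership of the requested resource itself, so the result is the same whether the URL is called by the SPA over AJAX or typed into the address bar. The `Note` model, `NoteStore`, the controller name and the `_Details` view are hypothetical names assumed for illustration.

```csharp
using System;
using System.Linq;
using System.Web.Mvc;

// Hypothetical model and in-memory store, constructed for this example.
public class Note
{
    public int Id { get; set; }
    public string Owner { get; set; }
    public string Text { get; set; }
}

public static class NoteStore
{
    public static readonly Note[] Notes =
    {
        new Note { Id = 1, Owner = "alice", Text = "constructed sample" },
        new Note { Id = 2, Owner = "bob", Text = "constructed sample" }
    };
}

[Authorize] // rejects anonymous requests, whether sent by AJAX or typed into the address bar
public class NotesController : Controller
{
    // Returns the note only if it exists and belongs to the caller; null otherwise.
    private Note FindOwned(int id)
    {
        return NoteStore.Notes.FirstOrDefault(n => n.Id == id &&
            string.Equals(n.Owner, User.Identity.Name, StringComparison.OrdinalIgnoreCase));
    }

    // GET /Notes/Details/2
    public ActionResult Details(int id)
    {
        var note = FindOwned(id);
        if (note == null)
            return HttpNotFound(); // same answer for "missing" and "not yours"

        // The access check is identical for both entry paths; only the rendering differs.
        if (Request.IsAjaxRequest())
            return PartialView("_Details", note);
        return View(note);
    }
}
```

`Request.IsAjaxRequest()` only inspects a request header that any client can set, so it is used here to pick the rendering and never as the access decision.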