Security Concern of Ajax JQuery form submission.

  • Question

  • User-1858220497 posted

    Hi

    Security Concern of Ajax JQuery form submission.

    I want to use Ajax and Jquery with Asp.Net Web methods based on this tutorial.

    Is it safe to post data in this way?

    What is the most secure way of using Ajax and Jquery Post?

    Here is the code:

    $(function () {
        $("[id*=btnSave]").bind("click", function () {
            var user = {};
            user.Username = $("[id*=txtUsername]").val();
            user.Password = $("[id*=txtPassword]").val();
            $.ajax({
                type: "POST",
                url: "Default.aspx/SaveUser",
                data: '{user: ' + JSON.stringify(user) + '}',
                contentType: "application/json; charset=utf-8",
                dataType: "json",
                success: function (response) {
                    alert("User has been added successfully.");
                    window.location.reload();
                }
            });
            return false;
        });
    });

    Thank you for your attention

    Monday, August 29, 2016 4:08 PM

All replies

  • User-491950272 posted

    Greetings,

    The tutorial you are following is a very basic example of form submission in the database. As a beginner, jQuery is executed in the browser, and from a security point of view, the browser is always untrusted; no matter how much JavaScript you use, it's always under the control of the attacker. Security issues have to be implemented on the server side. It's a common mistake beginners make, to place security checks in the JavaScript part and let the server trust it.

    Here are some links that you can use while using form submission:

    Preventing Cross-Site Forgery Attacks

    Creating a Secure Web Forms App

    Monday, August 29, 2016 5:08 PM
  • User-1858220497 posted

    My project is a Web Application. Also, your answer is less relevant to my question.

    The tutorial you are following is a very basic example of form submission in the database

    So what is the best Ajax jQuery form submission with WebForms!?

    Monday, August 29, 2016 7:50 PM
  • User1724605321 posted

    Hi koohbor323,

    You'd better not rely on any actions or data coming from client side, not only related to jQuery.

    You must handle every kind of security concern on your server side. Always double check data coming from the user (one is on the client side for decreasing the number of requests for performance; and the other is on the server side for actual confirmation).

    That's why we use authentication and authorization handling in your server side code. Please refer to the article below for a server side solution - ASP.NET Identity:

    http://www.asp.net/identity/overview/getting-started/introduction-to-aspnet-identity 

    Best Regards,

    Nan Yu

    Thursday, September 1, 2016 6:46 AM
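
The server-side re-checking that both replies above describe, as an added example that is not code from the thread or the linked tutorial: a hardened `SaveUser` page method behind the `Default.aspx/SaveUser` call in the question. The role name, header name, length limits, `User` class and `UserStore` helper are assumptions; the anti-forgery token pair is assumed to be issued by the page with `AntiForgery.GetTokens` and the request token sent by the script in the `X-CSRF-Token` header.

```csharp
// Added example: hypothetical code-behind for Default.aspx (not from the thread).
using System;
using System.Text.RegularExpressions;
using System.Web;
using System.Web.Helpers;    // AntiForgery, AntiForgeryConfig (Microsoft.AspNet.WebPages)
using System.Web.Services;

public class User            // shape taken from the posted script: Username, Password
{
    public string Username { get; set; }
    public string Password { get; set; }
}

public partial class _Default : System.Web.UI.Page
{
    // Allow-list for user names: 3-32 letters, digits, '.', '_' or '-' (assumed policy).
    private static readonly Regex UsernamePattern =
        new Regex(@"\A[A-Za-z0-9._-]{3,32}\z", RegexOptions.CultureInvariant);

    [WebMethod]
    public static string SaveUser(User user)
    {
        HttpContext ctx = HttpContext.Current;

        // 1. Authorization is enforced inside the method; nothing the script did counts.
        //    "UserAdmin" is an assumed role name.
        if (!ctx.User.Identity.IsAuthenticated || !ctx.User.IsInRole("UserAdmin"))
            throw new HttpException(403, "Forbidden");

        // 2. CSRF: the cookie token and the header token must form a valid pair.
        //    Validate throws HttpAntiForgeryException when either is missing or wrong.
        HttpCookie cookie = ctx.Request.Cookies[AntiForgeryConfig.CookieName];
        string headerToken = ctx.Request.Headers["X-CSRF-Token"];   // assumed header name
        AntiForgery.Validate(cookie != null ? cookie.Value : null, headerToken);

        // 3. Re-validate every field, whatever the browser already checked.
        if (user == null || user.Username == null || !UsernamePattern.IsMatch(user.Username))
            throw new ArgumentException("Invalid user name.");
        if (user.Password == null || user.Password.Length < 12 || user.Password.Length > 128)
            throw new ArgumentException("Invalid password.");

        // 4. Persist. UserStore is a hypothetical data-access helper (not shown); it should
        //    use a parameterized command and store a salted password hash, never the password.
        UserStore.Create(user.Username, user.Password);
        return "ok";
    }
}
```

The same checks apply unchanged if the endpoint is moved to a generic handler or a web service, and the POST carrying the password should only ever be sent over HTTPS.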
  • User-1858220497 posted

    Thank you Nan Yu

    I know about Membership

    Nan Yu

    That's why we use authentication and authorization handling in your server side code. Please refer to the article below for a server side solution - ASP.NET Identity:

    My basic question is: what is the best Ajax jQuery form submission?

    With generic handlers? With WebMethod? With a web service? Which one is better?

    Thursday, September 1, 2016 9:01 AM
  • User1724605321 posted

    Hi koohbor323,

    Please refer to http://www.mikesdotnetting.com/article/104/many-ways-to-communicate-with-your-database-using-jquery-ajax-and-asp-net 

    In the Summary section, you will find which one you should use and when.

    Best Regards,

    Nan Yu

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, September 1, 2016 9:25 AM