Remove From My Forums

Keeping Private key secure

Question
0

Sign in to vote

User-1799376286 posted

I am willing to implement the Public, private key scenario discussed in the article below and used by Amazon:

http://www.thebuzzmedia.com/designing-a-secure-rest-api-without-oauth-authentication/comment-page-1/#comment-613118

One confusion : I need to call the wcf web service from client side using Jquery/Javascript, how can I securely combine the parameters with the private key and keep it private? Anyone will be able to read the javascript and discover the private key..

Wednesday, June 12, 2013 7:16 AM

Answers

0

Sign in to vote
User-488622176 posted

It is very hard to secure jscript code. Why would you directly call the secured service from jquery? An alternative would be calling a controller method (are you using MVC?), that invokes the WCF service. This would allow you to store the key in session state, which is a little harder to hack.
- Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
Wednesday, June 12, 2013 3:55 PM

All replies

0

Sign in to vote

User-257383369 posted

This could address you security concern:

http://forums.asp.net/t/1899168.aspx/1?Securing+web+service+with+jQuery+Call

Wednesday, June 12, 2013 7:37 AM
0

Sign in to vote

User-1799376286 posted

Nareshbct

This could address you security concern:

http://forums.asp.net/t/1899168.aspx/1?Securing+web+service+with+jQuery+Call

It doesnt answer my question.

Wednesday, June 12, 2013 7:46 AM
0

Sign in to vote
User-488622176 posted

It is very hard to secure jscript code. Why would you directly call the secured service from jquery? An alternative would be calling a controller method (are you using MVC?), that invokes the WCF service. This would allow you to store the key in session state, which is a little harder to hack.
- Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
Wednesday, June 12, 2013 3:55 PM