? orus casino? bodog? ruleta? luckia? betano? sportium? spin casino? stakes? 3 reyes? 888? lottoland? coolbet? 777 casino? gana777? betfair? bwin? yak casino? ivy casino? oddschecker? red casino? netbet? william hill? vip casino? rey casino? marathonbet? dafabet? sol casino? 1bet? winland? bet777? parimatch? 18bet? 888casino? campobet? mostbet? ganabet? rushbet? betcris? betsson? lucky? novibet? winner? winpot? betmaster? betmexico? cancun? playcity? strendus? pokerstars? codere? caliente? fun88? bbrbet? 1win? 10bet? betway? pin up? spinbet? 7cslot? pickwin? spin bet? mr fortune? w88? pragmatic? gamdom? crasher? jojobet? betmex? bcasino? foliatti? winner mx? bets 10? big bola? bet master? inbet? 7slots? lucky day? m777? mexplay? luckydays? bet caliente? 1x? plinko

   aderson@dnnhero.com   |      1-855-DNN-HERO

Forum

Forum


HomeHomePremiumPremiumDevelopmentDevelopmentsecuring a web servicesecuring a web service
Previous
 
Next
New Post
2/25/2015 3:03 AM
 
Stephen
7th Level Poster

Joined: 7/29/2012
Posts: 403

Hello Scott,

 

The link I included in my previous post was for DNN 6, here's some information for 7:
http://www.dnnsoftware.com/wiki/page/services-framework-webapi

 

setModuleHeaders that applies the anti-forgery token. 

 

I should probably watch the video again :-)

 

Could you please advise on testing? Use Fiddler to change the token and ensure that the call fails?


Best Regards,

Steve
 
New Post
3/1/2015 2:18 PM
 
Scott Wilkinson
10th Level Poster


Joined: 5/17/2013
Posts: 118

Steve,

I usually only secure my services using the SupportedModules and validate the antiforgery token.  You can create a test harness for your service using Fiddler or SoapUI where you recreate how your ajax inside your module would post data to your service.  It should result in a 400-level http error (either 401 or 403) because of the lack of valid anti forgery token or module name.
 
New Post
3/2/2015 6:43 AM
 
Stephen
7th Level Poster

Joined: 7/29/2012
Posts: 403

Hi Scott,

Thank you for your reply.

Once i know something is achievable and seems reasonable it's much easier to do the learning required :-)

Thank you for the SoapUI tip as well.

Best Regards,

 

Steve
 
 Page 2 of 2
Previous12 
Previous
 
Next
HomeHomePremiumPremiumDevelopmentDevelopmentsecuring a web servicesecuring a web service



Try FREE
30 days money back guaranteed


About Us
The Cape
The Cape

This is Aderson Oliveira and I'm the Chief Editor of DNNHero. First why "DNNHero". If you think I'm just a self-indulgent individual, maybe you are right :). But this was not the case. This came from a good friend of mine, Carole Martin. Back then we were working on many DNN projects together and whenever she was having a problem she used to say that she needed her "DNN Hero" referring to me. How nice! She even give me a super hero cape!

So when I decided to start recording my learning adventures on DNN, I went to check if the domain "DNNHero.com" was available. It was, so here we are.

Back in 2010 I have decided to focus my time and efforts on spreading the word about CMS platforms, DNN in particular .

I hope you enjoy DNNHero and please feel free to send me your feedback.

Contact Us
*
*
Captcha:
Copyright 2010-2026 by Wayout Corp. | Privacy Statement | Terms Of Use | Google | Aderson | The SoloCoder Podcast