securing a web service

aderson@dnnhero.com | 1-855-DNN-HERO

Forum

Search Home

Home

Premium

Development

securing a web service

2/25/2015 3:03 AM

Stephen

Joined: 7/29/2012

Posts: 403

Re: securing a web service

Hello Scott,

The link I included in my previous post was for DNN 6, here's some information for 7:
http://www.dnnsoftware.com/wiki/page/services-framework-webapi

setModuleHeaders that applies the anti-forgery token.

I should probably watch the video again :-)

Could you please advise on testing? Use Fiddler to change the token and ensure that the call fails?

Best Regards,

Steve

3/1/2015 2:18 PM

Scott Wilkinson

Joined: 5/17/2013

Posts: 118

Re: securing a web service

Steve,

I usually only secure my services using the SupportedModules and validate the antiforgery token. You can create a test harness for your service using Fiddler or SoapUI where you recreate how your ajax inside your module would post data to your service. It should result in a 400-level http error (either 401 or 403) because of the lack of valid anti forgery token or module name.

3/2/2015 6:43 AM

Stephen

Joined: 7/29/2012

Posts: 403

Re: securing a web service

Hi Scott,

Thank you for your reply.

Once i know something is achievable and seems reasonable it's much easier to do the learning required :-)

Thank you for the SoapUI tip as well.

Best Regards,

Steve

Page 2 of 2

Home

Premium

Development

securing a web service

JOIN NOW JOIN NOW Try FREE
30 days money back guaranteed