How do you protect Web Services when using it as JSON via Jquery?
Question
I currently use asmx for Json transactions using Jquery.
How do I protect it from being accessed across other websites and make it exclusive only through my domain?
Solution
Ensure the requestor has:
- HTTP_REFERER set to your site; and
- a valid cookie for your site.
This will prevent the behaviour that is most akin to hotlinking. However if a site uses an HTTP library to use your Web service and it's public there's not a lot you can do beyond IP throttling and similar techniques.
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow