Forum


HomeHomePremiumPremiumDevelopmentDevelopmentsecuring a web servicesecuring a web service
Previous
 
Next
New Post
2/25/2015 3:03 AM
 

Hello Scott,

 

The link I included in my previous post was for DNN 6, here's some information for 7:
http://www.dnnsoftware.com/wiki/page/services-framework-webapi

 

setModuleHeaders that applies the anti-forgery token. 

 

I should probably watch the video again :-)

 

Could you please advise on testing? Use Fiddler to change the token and ensure that the call fails?


Best Regards,

Steve

 
New Post
3/1/2015 2:18 PM
 

Steve,

I usually only secure my services using the SupportedModules and validate the antiforgery token.  You can create a test harness for your service using Fiddler or SoapUI where you recreate how your ajax inside your module would post data to your service.  It should result in a 400-level http error (either 401 or 403) because of the lack of valid anti forgery token or module name.

 
New Post
3/2/2015 6:43 AM
 

Hi Scott,

Thank you for your reply.

Once i know something is achievable and seems reasonable it's much easier to do the learning required :-)

Thank you for the SoapUI tip as well.

Best Regards,

 

Steve

 
Previous
 
Next
HomeHomePremiumPremiumDevelopmentDevelopmentsecuring a web servicesecuring a web service



Try FREE
30 days money back guaranteed