Monday, March 26, 2012

Prevent Ajax functions being used by malicious users using HTTP POST

Hi guys, I have a problem on my site. I have a class that contains Ajax functions, and the problem is that malicious users can access these Ajax function methods using HTTP POST, so they can do all the tasks using HTTP POST.

In the config file I wrote the following code.

<httpHandlers>
  <add verb="POST,GET" path="ajax/*.ashx" type="Ajax.PageHandlerFactory,eAjax"/>
  <add verb="POST,GET" path="ajaxpro/*.ashx" type="AjaxPro.AjaxHandlerFactory, AjaxPro"/>
</httpHandlers>

The malicious user uses the functions with the following code.

Post

/ajax/al2006.ajaxFunctions,al2006.ashx?_deleteusers&_session=no.

So I want to prevent that problem. Please give me any suitable solution for this. I shall be thankful to all.

Thanks in advance.

jkyadav

You can use the following line of code in your generic handler to check whether the user is authenticated:

if (HttpContext.Current.User.Identity.IsAuthenticated)
{
    // Do what you need to do for authenticated users
}
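An added example, not part of the original post or reply: a generic handler that applies the authentication check above before a destructive action, and adds a role check so that an ordinary logged-in user cannot call it either. The handler name `DeleteUsersHandler` and the role name `"Admin"` are assumptions made for illustration.

```csharp
using System;
using System.Web;

// Hypothetical handler; the class name and the "Admin" role are assumptions.
public class DeleteUsersHandler : IHttpHandler
{
    public bool IsReusable { get { return false; } }

    public void ProcessRequest(HttpContext context)
    {
        // State-changing actions are accepted over POST only.
        if (!string.Equals(context.Request.HttpMethod, "POST",
                           StringComparison.OrdinalIgnoreCase))
        {
            Deny(context, 405, "Method not allowed");
            return;
        }

        // Authentication: anonymous callers are rejected before any work is done.
        if (context.User == null || !context.User.Identity.IsAuthenticated)
        {
            Deny(context, 401, "Authentication required");
            return;
        }

        // Authorization: being logged in is not enough to delete users.
        if (!context.User.IsInRole("Admin"))
        {
            Deny(context, 403, "Forbidden");
            return;
        }

        // ... perform the privileged operation here ...
        context.Response.ContentType = "text/plain";
        context.Response.Write("OK");
    }

    // Send a short plain-text refusal with the given HTTP status code.
    private static void Deny(HttpContext context, int status, string message)
    {
        context.Response.StatusCode = status;
        context.Response.ContentType = "text/plain";
        context.Response.Write(message);
    }
}
```

Under Forms authentication, ASP.NET turns a 401 response into a redirect to the login page, so an Ajax caller may see the login HTML rather than the 401 status.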
