Post data with jQuery to ASP.net, am I doing this secure enough?

Posted by Wim Haanstra on Stack Overflow See other posts from Stack Overflow or by Wim Haanstra
Published on 2010-05-28T08:57:49Z Indexed on 2010/05/28 9:02 UTC
Read the original article Hit count: 178

Filed under:

ASP.NET

|

jQuery

|

security

For a website I am building, I am using jQuery to post data to Generic Handlers I created for this purpose.

Because you need to be logged in, to do most post actions (like 'rate a picture'), I am currently using the following technique:

User visits page
Page determines if user is logged in
On Page_Load the page fills a hidden field with an encrypted string, which contains several needed variables, like User ID, Picture ID (of the picture they are currently viewing), the DateTime when the page was rendered.
When the user clicks a "I like this picture"-button, I do a $.ajax post to my Generic Handler, with the encrypted string and the value whether or not they liked the picture.
The Generic Handler decrypts the supplied encrypted string and takes a look at the DateTime to determine if it was not too long ago
When everything works out, the vote is submitted to the database.

In my understanding this is a pretty secure way to handle a situation like this. But maybe I am missing a very important point here.

Any advice would be very welcome.

© Stack Overflow or respective owner

Related posts about ASP.NET

Migrating ASP.NET MVC 1.0 applications to ASP.NET MVC 2 RTM

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
Note: ASP.NET MVC 2 RTM isn’t yet released! But this tool will help you get your ASP.NET MVC 1.0 applications ready for when it is! I have updated the MVC App Converter to convert projects from ASP.NET MVC 1.0 to ASP.NET MVC 2 RTM. This should be last the last major change to the MVC App Converter… >>> More
April 14th Links: ASP.NET, ASP.NET MVC, ASP.NET Web API and Visual Studio

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
Here is the latest in my link-listing blog series: ASP.NET Easily overlooked features in VS 11 Express for Web: Good post by Scott Hanselman that highlights a bunch of easily overlooked improvements that are coming to VS 11 (and specifically the free express editions) for web development: unit… >>> More
Use ASP.NET 4 Browser Definitions with ASP.NET 3.5

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
We updated the browser definitions files included with ASP.NET 4 to include information on recent browsers and devices such as Google Chrome and the iPhone. You can use these browser definition files with earlier versions of ASP.NET such as ASP.NET 3 Read More......(read more) >>> More
ASP.NET webforms + ASP.NET Ajax versus ASP.NET MVC and Ajax framework freedom

as seen on Stack Overflow - Search for 'Stack Overflow'
If given the choice, which path would you take? ASP.NET Webforms + ASP.NET AJAX or ASP.NET MVC + JavaScript Framework of your Choice Are there any limitations that ASP.NET Webforms / ASP.NET AJAX has vis-a-vis MVC? >>> More
ASP.NET MVC 2 Released

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
I’m happy to announce that the final release of ASP.NET MVC 2 is now available for VS 2008/Visual Web Developer 2008 Express with ASP.NET 3.5. You can download and install it from the following locations: Download ASP.NET MVC 2 using the Microsoft Web Platform Installer Download… >>> More

Related posts about jQuery

Microsoft and jQuery

as seen on West-Wind - Search for 'West-Wind'
The jQuery JavaScript library has been steadily getting more popular and with recent developments from Microsoft, jQuery is also getting ever more exposure on the ASP.NET platform including now directly from Microsoft. jQuery is a light weight, open source DOM manipulation library for JavaScript that… >>> More
An Introduction to jQuery Templates

as seen on Stephen Walter - Search for 'Stephen Walter'
The goal of this blog entry is to provide you with enough information to start working with jQuery Templates. jQuery Templates enable you to display and manipulate data in the browser. For example, you can use jQuery Templates to format and display a set of database records that you have retrieved… >>> More
Ajax Control Toolkit December 2013 Release

as seen on Stephen Walter - Search for 'Stephen Walter'
Today, we released a new version of the Ajax Control Toolkit that contains several important bug fixes and new features. The new release contains a new Tabs control that has been entirely rewritten in jQuery. You can download the December 2013 release of the Ajax Control Toolkit at http://Ajax.CodePlex… >>> More
jQuery show "loading" during slow operation

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm trying to show a small loading image during a slow operation with jQuery and can't get it right. It's a BIG table with thousands of rows. When I check the "mostrarArticulosDeReferencia" checkbox it removes the "hidden" class from these rows. This operation takes a couple of seconds and I want… >>> More
Tracking download of non-html (like pdf) downloads with jQuery and Google Analytics

as seen on Developer IT - Search for 'Developer IT'
Hi folks, it’s been quite calm at Developer IT’s this summer since we were all involved in other projects, but we are slowly comming back. In this post, we will present a simple way of tracking files download with Google Analytics with the help of jQuery. We work for a client that offers… >>> More