Want to use jQuery JSON to talk to web services - how to secure? - Microsoft IIS Web Server and ASP.NET forum at WebmasterWorld

Forum Moderators: open

Message Too Old, No Replies

Want to use jQuery JSON to talk to web services - how to secure?

Json Jquery Security

szlamany

12:22 pm on Mar 3, 2011 (gmt 0)

I'm creating a web app to maintain data using jQuery / ajax / json calls to a web service.

I'm trying to figure out how to secure a Win2003 server using IIS 6.0 in this scenario.

It will be https:

I am finding so much conflicting info on the web - do I need to use SOAP?

Any help would be greatly appreciated.

Ocean10000

3:02 pm on Mar 3, 2011 (gmt 0)

If the requests are all going over https this will at least make everything encrypted. I wouldn't use SOAP for jQuery / ajax / json as it is takes more time and memory to process in javascript. Json was developed for this role.

Reference:
An Introduction to JavaScript Object Notation (JSON) in JavaScript and .NET [msdn.microsoft.com]
Client-Side Web Service Calls with AJAX Extensions [msdn.microsoft.com]

szlamany

10:06 am on Apr 23, 2011 (gmt 0)

I understand how to do the JSON and what not.

Do I need to use WCF and setup all these contracts and such - or are standard web services with my own un/pw-and-return-a-GUID for client identification policies enough?

Or do I need to use WCF to make HTTPS and certs and credentials work properly?

Ocean10000

2:16 pm on Apr 23, 2011 (gmt 0)

Securing the webservice/JSON handler.
It all depends how much the released data can hurt your website if it got out, or if other websites found it and tried to use it.

No you do not need WCF to make Https / Web Server certificate work. As for the credentials it all depends on how you have the security layer wrote for the website, which can effect JSON calls if the webservice is in a protected zone.

szlamany

2:28 pm on Apr 23, 2011 (gmt 0)

It is sensitive medical data on patients.

Where can I get my hands on some good white papers on the subject?