Last post Jul 09, 2015 10:25 AM by 2xo1
Jul 08, 2015 03:05 PM|2xo1|LINK
asp.net.4.5 web-form, application.
using the built in membership provider form authentication (without SSL).
is it will be less secure if i will post ajax to that same aspx page rather than using web api?
having the benefit of:
same origin policy,
could check the referer,
on top of having that page with all user credentials.
Jul 09, 2015 09:57 AM|PatriceSc|LINK
Basically it should make no difference (it is still the same origin and you can use the same authentication etc...).
Decide first on what makes sense from a design point of view:
- if this is an API that makes sense only for this page you could use a page method and if could be used from multiple pages it would make sense to expose this as a general API
Jul 09, 2015 10:25 AM|2xo1|LINK