Chapter 12. Securing Rich Internet Applications

The introduction of Rich Internet Application (RIA) technologies like Ajax (Asynchronous JavaScript and XML) and Silverlight has brought more responsive and richer user interfaces to Web sites. Previously, responding to a user action on a Web site would require a post request to the server, and then the construction of an entire page for the response.

With Ajax, a Web page can make a request for just the information it wants, without the need for a full form submission or changing the entire page. With Silverlight, requests are sent from the Silverlight component (via the browser's networking function to the server), and responses are processed by the Silverlight application. Server processing is minimized because less data is sent, and there is no need to construct a new page every time.

As with all new technologies, writing an RIA comes at a price — it opens new possibilities for attacks and vulnerabilities.

In this chapter, you will learn about the following:

  • How Ajax works

  • How Silverlight interacts with the Web and the client computer

  • How to use Silverlight's cryptography functions

  • How to use ASP.NET's authentication and authorization with Ajax and Silverlight

  • How using Ajax and Silverlight can increase your attack surface

  • How using third-party data can expose your application to risk

The Ajax discussion in this chapter concentrates on the ASP.NET Ajax libraries and architecture. For the most part, the vulnerabilities are nothing new. Ajax ...

Get Beginning ASP.NET Security now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.