Chapter 12. Securing Rich Internet Applications
The introduction of Rich Internet Application (RIA) technologies like Ajax (Asynchronous JavaScript and XML) and Silverlight has brought more responsive and richer user interfaces to Web sites. Previously, responding to a user action on a Web site would require a post request to the server, and then the construction of an entire page for the response.
With Ajax, a Web page can make a request for just the information it wants, without the need for a full form submission or changing the entire page. With Silverlight, requests are sent from the Silverlight component (via the browser's networking function to the server), and responses are processed by the Silverlight application. Server processing is minimized because less data is sent, and there is no need to construct a new page every time.
As with all new technologies, writing an RIA comes at a price — it opens new possibilities for attacks and vulnerabilities.
In this chapter, you will learn about the following:
How Ajax works
How Silverlight interacts with the Web and the client computer
How to use Silverlight's cryptography functions
How to use ASP.NET's authentication and authorization with Ajax and Silverlight
How using Ajax and Silverlight can increase your attack surface
How using third-party data can expose your application to risk
The Ajax discussion in this chapter concentrates on the ASP.NET Ajax libraries and architecture. For the most part, the vulnerabilities are nothing new. Ajax ...
Get Beginning ASP.NET Security now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.