Secure Http Handler

Hi

I am writing an http handler for sharepoint 2010 application with anonymous access enabled, I want to query a sharepoint list and http handler will be used to receive request from jquery.

Everything working fine, application is configured for anonymous users, If I type handler url directly in the browser I can still see list items, Is there any way to check/restrict http handler to service request only if coming from web application?

If user type directly in the browser I don't want to show anything, or even if url is called from another application I don't want to return any result.

July 25th, 2015 7:24pm

You could add a custom authentication header in your jQuery AJAX request, and read that header in your HTTP Handler. It's still no security though, anyone who checks that JavaScript can simulate that request of course.

As your HTTP Handler is anonymous, there's no way to secure this properly if that's your requirement. But by using a custom header, you can fulfil above requirement.

Free Windows Admin Tool Kit Click here and download it now
July 26th, 2015 9:00pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics