Securing ATLAS Web Services?

28 August 2006
The Microsoft ATLAS Ajax framework makes heavy use of web services to get data from the server to display on a page via JavaScript. I implemented some ATLAS pages in a web that uses a custom forms-based authentication method. I'm using the session state to keep track of the currently logged-on user. For the ATLAS web services this didn't work because I got exceptions when accessing the session object.

So for a while I was running with unsecured web service methods; checking the referrer server variable is in no way a secure method. But somehow I ran into the EnableSession property of the WebMethod attribute. By default, for performance reasons, web methods don't have access to the session state. By setting:
[WebMethod(Description = "method description", EnableSession = true)]
this changes and I can now access my authentication object to check for the current user.
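
A session-checked web method could look like the sketch below. It is an added example, not code from the original post. The names OrderService, GetMyOrders and the "AuthUser" session key are assumptions, as is a login page that stores the user name under that key.

```csharp
using System;
using System.Collections.Generic;
using System.Web.Services;

// Added example. OrderService, GetMyOrders and the "AuthUser" session key are
// assumed names; the login page is assumed to store the user name under that key.
[WebService(Namespace = "http://example.org/")]
public class OrderService : WebService
{
    private const string AuthKey = "AuthUser";

    // Constructed sample data standing in for a real data store.
    private static readonly Dictionary<string, string[]> Orders =
        new Dictionary<string, string[]>
        {
            { "alice", new string[] { "A-1001", "A-1002" } },
            { "bob",   new string[] { "B-2001" } }
        };

    // Returns the logged-on user name, or throws so the call fails closed.
    private string RequireUser()
    {
        // Session is null when the web method was declared without EnableSession = true.
        if (Session == null)
            throw new InvalidOperationException("Session state is not enabled for this method.");

        string user = Session[AuthKey] as string;
        if (String.IsNullOrEmpty(user))
            throw new UnauthorizedAccessException("Not logged on.");
        return user;
    }

    [WebMethod(Description = "Orders of the logged-on user", EnableSession = true)]
    public string[] GetMyOrders()
    {
        // The user comes from the server-side session, never from a
        // client-supplied parameter that script on the page could change.
        string user = RequireUser();

        string[] result;
        return Orders.TryGetValue(user, out result) ? result : new string[0];
    }
}
```

Every web method that returns user-specific data needs both the EnableSession = true setting and the RequireUser() call; a method that has only one of them either throws on the null session or runs unauthenticated.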

This should also work for other authentication methods like the ones built into

