
Is a webmethod in codebehind as secure as the page it is on?

Tags: c#, asp.net

This is kind of confusing me. I would assume the webmethod would follow the same authorization rules set in the web.config as the page it is on. Will it execute the normal page lifecycle first? In my case there is extra logic in a basepage that checks further permissions. Will this logic be executed before the webmethod is called to prevent access from users not permitted to access that page?

Mike asked Aug 23 '11 12:08


2 Answers

A webmethod must be static and it does not follow the normal ASP.NET lifecycle.

In a webmethod, you can't access the session or the controls on the page.

Since it won't go through all the events, I don't think your PreInit will be called so you won't be able to restrict access through that.

Martin answered Oct 22 '22 08:10


Bottom line is a web method is much less secure than using the traditional asmx web method. Even though you may have the method hanging off /default.aspx/MyWebMethod, it will not take on any of the built-in forms security and can be called from anywhere in your application.

Donnie answered Oct 22 '22 09:10
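
An added example, not code from the original thread: one way to keep a page method covered by the same permission rule as its page is to put the rule in a static helper and call it from both the base page's `OnPreInit` and the `[WebMethod]` itself. The class names, the `Reports` role and the `IsPermitted` helper are assumptions made for illustration; `MyWebMethod` is the name used in the answer above.

```csharp
using System;
using System.Security;
using System.Security.Principal;
using System.Web;
using System.Web.Services;
using System.Web.UI;

// Hypothetical base page: one rule, used by the page lifecycle and by page methods.
public class SecuredBasePage : Page
{
    // Hypothetical role name, an assumption for this example.
    protected const string RequiredRole = "Reports";

    // Static so a static [WebMethod] can call it; no page instance exists there.
    protected static bool IsPermitted(IPrincipal user)
    {
        return user != null
            && user.Identity != null
            && user.Identity.IsAuthenticated
            && user.IsInRole(RequiredRole);
    }

    protected override void OnPreInit(EventArgs e)
    {
        // Normal page requests run the lifecycle and are checked here.
        if (!IsPermitted(Context.User))
        {
            Response.StatusCode = 403;
            Response.End();
        }
        base.OnPreInit(e);
    }
}

public partial class Default : SecuredBasePage
{
    [WebMethod]
    public static string MyWebMethod()
    {
        // Repeated explicitly: OnPreInit is not run for a page-method call.
        if (!IsPermitted(HttpContext.Current.User))
        {
            // Throwing aborts the call before any data is returned.
            throw new SecurityException("Not permitted.");
        }
        return "sensitive data";
    }
}
```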