sjlewis
Reputation: 780
How to ensure that only allowed domains can call C# from Javascript
I noticed some samples flying around using [PermissionSet(SecurityAction.Demand, Name="FullTrust")] on classes used for webBrowser1.ObjectForScripting. Why is this used and not LinkDemand?
Also to put another layer of security, how can I ensure that only pages from allowed domains can execute code in the scripting object?
Upvotes: 1
Views: 97
Answers (1)
Rami A.
Reputation: 10602
You can read the documentation to learn the differences between Demand and LinkDemand:
SecurityAction Enumeration
Here is a Microsoft support article with sample code that allows you to get the url of the web page hosting the ActiveX Control:
How To Retrieve the URL of a Web Page from an ActiveX Control
Upvotes: 1
Related Questions
- How to prevent script loading in different domain
- how to restrict cross origin request for other domains using CORs
- Protect Web API from Cross-Origin requests
- How to protect asp.net application to run only on specified domain?
- How to stop other website to send cross domain ajax requests?
- How to Secure ASP.NET Web API with Cross Domain AJAX Calls?
- Is it possible to create a javascript api that only allows certain domains to call it
- Restricting access to IP of web server when request is from JavaScript
- How to limit the domains that can call my page/web service
- Block cross domain calls to asp.net .asmx web service