I have a basic JsonResult method that is being called by a jQuery $.ajax call in my view.
[AcceptVerbs(HttpVerbs.Post)]
public JsonResult DoWork(string param1)
{
    // do something important
    // Json() needs a value to serialize; return a small result object
    return Json(new { success = true });
}
So my question is, could this method be called/hacked and passed erroneous data? Let's say it was to create a new user in the system. Could I fake out a call to this method? Should I somehow be protecting this method using some kind of anti-forgery token or anything?
Yes, you should protect it. Anyone can call this method, and pass any value they want. You should always distrust the data you receive.
You could of course secure it using the Authorize attribute:
or use any other method to identify and authorize the user.
Edit:
Previous link wasn't working anymore. For more information about the anti-forgery token in Ajax, check this SO question: jQuery Ajax calls and the Html.AntiForgeryToken()
I haven’t tested this though.
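To make the answer's advice concrete, here is an added example (my own code, not the asker's or answerer's) of how the action from the question can be hardened in ASP.NET MVC. The controller name, the CreateUserRequest model and its validation rules are assumptions chosen for illustration; the attributes are the framework's own.

```csharp
using System.ComponentModel.DataAnnotations;
using System.Web.Mvc;

// Hypothetical binding model (assumption); the question's action took a bare string.
public class CreateUserRequest
{
    [Required, StringLength(64)]
    public string UserName { get; set; }
}

public class AccountController : Controller
{
    // [Authorize]: an unauthenticated caller never reaches the action body.
    // [HttpPost]: equivalent to [AcceptVerbs(HttpVerbs.Post)]; GET requests are rejected.
    // [ValidateAntiForgeryToken]: the POST must carry a __RequestVerificationToken
    // field that matches the anti-forgery cookie, so a page on another origin
    // cannot make the victim's browser submit this request (CSRF).
    [Authorize]
    [HttpPost]
    [ValidateAntiForgeryToken]
    public JsonResult DoWork(CreateUserRequest request)
    {
        // The token proves the request came from our own page, not that the
        // values are sane; an authenticated user can still post anything.
        // So validate server-side regardless of what the page's JavaScript did.
        if (request == null || !ModelState.IsValid)
        {
            Response.StatusCode = 400;
            return Json(new { success = false, error = "invalid input" });
        }

        // Do the important work here as the authenticated caller
        // (User.Identity.Name), applying whatever role checks the operation needs.

        return Json(new { success = true, user = request.UserName });
    }
}
```

On the client side, the view renders @Html.AntiForgeryToken(), which emits a hidden input named __RequestVerificationToken; the jQuery $.ajax call must include that value in its POST data alongside the other fields, otherwise [ValidateAntiForgeryToken] rejects the request with an HttpAntiForgeryException. Note the division of labour: [Authorize] answers "who is calling", the anti-forgery token answers "did the call originate from our page", and the ModelState check answers "is the data acceptable". None of the three substitutes for the others.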