I have a public facing website that is developed with ASP.NET MVC 3. The MVC application contains controllers with actions that return JSON. The web pages execute AJAX requests against the actions that return JSON.
Even though the data that is published with the JSON action is not sensitive, it is proprietary, and I’m concerned that anybody can call the actions that return JSON through cross domain calls or custom applications. Is there a way to only allow my MVC application webpages access to the actions that return JSON? Does ODATA provide any benefits for solving this problem?
Does anyone know of resources that describe this issue as a liability and how to solve it?
If your application is public, then it's more tricky. There's the ValidateAntiForgeryToken attribute which can help against XSS and random requests. If you have a password protected site, use the Authorize attribute. OData has the same set of problems the MVC site would have.
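An added example (not code from the question or the answer) showing how the two attributes named above are applied to a JSON action in MVC 3; the controller, action and data are hypothetical. The token check stops cross-site browser requests that lack the form field matched to the cookie; a custom client that first loads the page and obtains a token can still call the action, so this limits rather than removes the exposure.

```csharp
using System.Web.Mvc;

// Hypothetical controller: the JSON action requires an authenticated user
// (Authorize) and a valid anti-forgery token (ValidateAntiForgeryToken).
public class CatalogController : Controller
{
    // Serves the page. The Razor view must render the hidden token field with
    //   @Html.AntiForgeryToken()
    // which also sets the matching __RequestVerificationToken cookie.
    [Authorize]
    public ActionResult Index()
    {
        return View();
    }

    // POST only: MVC 3 refuses to return JSON on GET unless AllowGet is set,
    // and a POST-only action lets the token be read from the form body.
    [HttpPost]
    [Authorize]
    [ValidateAntiForgeryToken]
    public JsonResult Products(int page)
    {
        // Constructed placeholder data standing in for the proprietary feed.
        var items = new[] { new { Id = 1, Name = "Widget" } };
        return Json(new { page = page, items = items });
    }
}

/* Client side (jQuery, placed in the Razor view). In MVC 3 the attribute reads
   the token from the POSTed form field, so the AJAX call must include it:

   var token = $('input[name="__RequestVerificationToken"]').val();
   $.post('/Catalog/Products',
          { __RequestVerificationToken: token, page: 1 },
          function (result) { ... });

   A request without the field, or whose token does not match the cookie,
   fails with HttpAntiForgeryException before the action body runs.
*/
```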