I have a web service that I use to authenticate users:
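    public bool ValidateUser(string username, string password, bool rememberMe)
    {
        // Check the credentials against the membership provider.
        if (Membership.ValidateUser(username, password))
        {
            // Issue the forms-authentication cookie only on success.
            FormsAuthentication.SetAuthCookie(username, rememberMe);
            return true;
        }
        return false;
    }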
And I call it from the client via jQuery:
    function validateUser() {
        var username = $('#<%=UserName.ClientID %>').val();
        var pass = $('#<%=Password.ClientID %>').val();
        // Send a real boolean for rememberMe, not the attribute string.
        var rememberMe = $('#<%=chbRememberMe.ClientID %>').is(':checked');
        $.ajax({
            type: "POST",
            url: "Services/LoginService.asmx/ValidateUser",
            // JSON.stringify escapes quotes in the input; the keys must match the
            // web method's parameter names exactly (no trailing space).
            data: JSON.stringify({ username: username, password: pass, rememberMe: rememberMe }),
            contentType: "application/json; charset=utf-8",
            dataType: "json",
            success: function(data, status) { OnSuccessLogin(data, status); },
            error: OnErrorLogin
        });
    }
Now I think it's open to denial-of-service attacks, and a hacker can call the web service many times to slow down the server.
Is there a way to secure it?
I think I found a good way:
Prevent Denial of Service (DOS) attacks in your web application
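
One way to throttle calls to ValidateUser per client, shown as an added example that is not part of the original post or of the linked article. The LoginThrottle class, the limit of 5 attempts per 60 seconds, and the sample address and clock are assumptions made for illustration.

```csharp
using System;
using System.Collections.Concurrent;

// Hypothetical helper (not from the post): fixed-window limiter keyed by client address.
public sealed class LoginThrottle
{
    private sealed class Window { public DateTime Start; public int Count; }

    private readonly ConcurrentDictionary<string, Window> _windows =
        new ConcurrentDictionary<string, Window>();
    private readonly int _limit;
    private readonly TimeSpan _period;

    public LoginThrottle(int limit, TimeSpan period) { _limit = limit; _period = period; }

    // Returns true if this call is within the limit; false means reject the request
    // before doing any expensive work such as Membership.ValidateUser.
    public bool TryAcquire(string clientKey, DateTime nowUtc)
    {
        Window w = _windows.GetOrAdd(clientKey, _ => new Window { Start = nowUtc });
        lock (w)
        {
            // Start a fresh window once the previous one has elapsed.
            if (nowUtc - w.Start >= _period) { w.Start = nowUtc; w.Count = 0; }
            if (w.Count >= _limit) return false;
            w.Count++;
            return true;
        }
    }
}

public static class Demo
{
    public static void Main()
    {
        var throttle = new LoginThrottle(5, TimeSpan.FromSeconds(60));
        DateTime t0 = new DateTime(2024, 1, 1, 0, 0, 0, DateTimeKind.Utc); // constructed clock
        string ip = "203.0.113.7"; // constructed address (documentation range)

        // Seven rapid attempts from one client, one second apart.
        for (int i = 1; i <= 7; i++)
            Console.WriteLine("attempt {0}: {1}", i, throttle.TryAcquire(ip, t0.AddSeconds(i)));
        // One more attempt after the 60-second window has elapsed.
        Console.WriteLine("after window: {0}", throttle.TryAcquire(ip, t0.AddSeconds(61)));
    }
}
```

In the web method, the check would run first, for example `TryAcquire(HttpContext.Current.Request.UserHostAddress, DateTime.UtcNow)` on a shared static instance, returning false without calling Membership.ValidateUser when it fails. This sketch never evicts old entries, so a real deployment needs expiry (or a cache with a timeout) to keep the dictionary itself from growing without bound.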