How can I read the username and password from http GET in .NET MVC controller? I am using a jQuery $.ajax call and I am passing username and password in as a setting.
My end goal is to make a secured jsonp call.
here is how I am making the call in javascript
$("#getSomethingButton").click(function () {
var username = "myusername";
var password = "mypassword";
$.ajax({
url: 'people/getSomething',
username: username,
password: password,
dataType: 'jsonp',
jsonpCallback: 'onGetSomething'
});
});
here is how MVC receives the request
public string GetSomething(string callback)
{
string data = "{data: 'test'}";
return string.Format("{0}({1});", callback, data);
}
if I watch the request in fiddler this is how it looks
http://myusername:mypassword@localhost:29161/people/getSomething?callback=onGetSomething
If and when this is put in production it will be SSL/HTTPS only but of course the query string is not secured by that.
So the question is can I in any possible way secure a password with a jsonp GET request?
Again, be very careful while passing sensitive data using GET