jqueryasp.net-mvcasp.net-mvc-2jsonp

How to read username and password from http GET in .NET MVC controller?


How can I read the username and password from http GET in .NET MVC controller? I am using a jQuery $.ajax call and I am passing username and password in as a setting.

  1. Is this secure?
  2. If my server is ASP.NET MVC 2 how can I retrieve the username and password from the request?

My end goal is to make a secured jsonp call.

here is how I am making the call in javascript

    $("#getSomethingButton").click(function () {
        var username = "myusername";
        var password = "mypassword";
        $.ajax({
            url: 'people/getSomething',
            username: username,
            password: password,
            dataType: 'jsonp',
            jsonpCallback: 'onGetSomething'
        });
    });

here is how MVC receives the request

public string GetSomething(string callback)
{
    string data = "{data: 'test'}";
    return string.Format("{0}({1});", callback, data);
}

if I watch the request in fiddler this is how it looks

http://myusername:mypassword@localhost:29161/people/getSomething?callback=onGetSomething

If and when this is put in production it will be SSL/HTTPS only but of course the query string is not secured by that.

So the question is can I in any possible way secure a password with a jsonp GET request?


Solution

  • Again, be very careful while passing sensitive data using GET