What's a good way to prevent web method abuse?

I've been reading a lot recently about using jQuery to call ASP.NET page methods (decorated with the web method attribute) directly, rather than using ASP.NET update panels for my ajax requirements - and for the most part this makes loads of sense.

My question is, what sort of measu开发者_运维问答res should I or can I take to prevent abuse of public facing methods like this. I appreciate that my current methods are essentially no different, but they at least provide some security through obscurity, which is ultimately what I'd like to achieve.

I haven't really been able to find any articles about this, so I assume either it's not viewed as a security issue, or that there isn't a good solution. Either way, for my own understanding, I'd love to hear people's opinion on the matter, as well as any solutions people could propose.

I am not sure there is much you can do about public facing methods. The important thing to understand here is what do you mean when you say public facing. Is your resource accessible to anybody on the internet or is it accessible only to users of your site who have authenticated themselves? Just because a method is marked as a WebMethod, it does not mean it is accessible to everybody. If you have properly configured authentication and authorization rules in your web.config, you can deny access to anonymous users. I am not sure if that answers your question, but these are some thoughts that come to mind.

Jason see please

MSDN Magazine Building A Secure AJAX Service Layer

MSDN Building Secure Web Services.