ASP.NET and WCF JSON service endpoints actually wrap their JSON in an object with the “d” property to circumvent a subtle potential security flaw when using JSON
Phil Haack's post on this: http://haacked.com/archive/2008/11/20/anatomy-of-a-subtle-json-vulnerability.aspx
This was introduced from ASP.NET3.5. If you want msg to work in both frameworks before and after 3.5, just try this small hack.
var data = msg.hasOwnProperty("d") ? msg.d : msg;
Courtesy Dave Ward: Never worry about ASP.NET AJAX’s .d again