All Questions
Tagged with security asp.net-mvc
926 questions
1 vote, 0 answers, 18 views
Set-Cookie is being set on redirection in ASP.NET MVC on .NET 4.7.2. Why?
I am setting SameSite in Startup.Auth.cs like this:
CookiePath = "/; SameSite=Lax",
But for Login action, on redirection; the Set-Cookie value is being automatically set by the framework ...
0 votes, 2 answers, 55 views
Securing self-hosted WCF service using custom authentication
I've an ASP.NET MVC web app which is meant to be used within the enterprise. This web app has a custom authentication implementation. The controller functions will call self-hosted WCF services ...
0 votes, 0 answers, 83 views
Error: A potentially dangerous Request.Path value was detected from the client (<). Is it concerning?
`/Order/{order_guid}/true<BLOCKED>`
I am getting these errors in my elmah logs in an angular js .net mvc application.
I tried to google about but there is not much information about what it ...
1 vote, 0 answers, 236 views
Handling Azure AD Authentication Issue - User Context Cleared on Access Denied Page
I'm currently developing a C# MVC web application with Azure AD integration for security. Upon user login, a set of claims is added to the user's context, all managed by Azure.
However, I've ...
0 votes, 1 answer, 129 views
How does IIS get data on WindowsPrincipal when using Windows Authentication?
For an internal application using Windows Authentication, I am able to get a WindowsPrincipal object in C# using this code:
var winPrincipal = (WindowsPrincipal)HttpContext.Current.User;
Is this ...
0 votes, 0 answers, 207 views
Securing AbpServiceProxies/GetAll
Problem description
All the routes (URL(s)) for the API (including parameters to use) are accessible to unauthenticated users by calling this API AbpServiceProxies/GetAll which doesn't require any ...
0 votes, 0 answers, 89 views
SSL Certificate Integrate in ASP.NET MVC Static website
ASP.NET MVC Static website developed and deployed, domain and host already taken from Go-Daddy.
Website is up and running no issues in that.
Without SSL:
Now planning to take an SSL Certificate,
...
0 votes, 0 answers, 114 views
Unauthorized controller method detected by a bot in ASP.NET MVC
Through my application log, I have noticed the following HttpException has been raised:
"A public action method 'MyMethod' was not found on controller 'MyApp.Controllers.MyController'"
...
1 vote, 0 answers, 231 views
Session Cookie Secure in ASP.NET MVC
I have a situation where there is no ASP.NET_SessionId cookie in the response at Application_EndRequest(), but when I inspect and in the network tab I could see ASP.NET_SessionId and it's not secured. ...
2 votes, 2 answers, 5k views
Adding nonce value to @Scripts.Render ASP.Net MVC razor pages with NWebSec
I am trying to implement Content-Security-Policy with the NWebSec NuGet package
The basic configuration level is working at this moment but trying to add nonce for each script and style in the project....
0 votes, 1 answer, 297 views
In Reflected XSS, why do we need to sanitize single quote, double quote, ampersand, and backslash
Based on this article
https://resources.infosecinstitute.com/topic/how-to-prevent-cross-site-scripting-attacks/
Reflected XSS happens when data injected is reflected in the response. I get the idea ...
0 votes, 1 answer, 230 views
MS Data Protection API for Query String Protection force same ciphertext for given plaintext
I'm using the Data Protection API to protect my MVC .NET Core 2.2 Web Application against IDOR (Insecure Direct Object Reference) bugs by encrypting the value in the query string.
I have the below ...
0 votes, 0 answers, 73 views
ASP.NET MVC 5 Application - XSS Code Security Error
Would you please help fix this security issue
function() {
var data = $('#tbCommitteeMembers').DataTable().row($(this).closest('tr')).data();
var role = $(this).val();...
0 votes, 1 answer, 934 views
safe and secure HTTPCookie storage in ASP.NET MVC C# application
I'm using the below class to handle cookies and use them to store/read values in my ASP.NET MVC application (such as shopping cart items, etc.)
1. I want to know if values are stored without any ...
0 votes, 0 answers, 240 views
Is there any offline safe method to prevent web-shell uploading in aspnet?
I have a simple page in asp net 5, and users can upload their images there. Valid files are: *.jpg, *.png, so I'm doing the steps below to validate the files:
Validating filename length : e.g: file ...