开发者

How to prevent CSRF attack in asp.net webform?

问答 作者:

How to prevent CSRF (Cross-site Request Forgery) attack in ASP.NET WebForms?

Is there anythin开发者_运维技巧g like [ValidateAntiForgeryToken] in ASP.NET MVC?

When you are talking about protecting the ViewState, there is the 'ViewStateUserKey', which you can use.

Basically you need to use a specific key per user, that is derived from the ASP.NET Session. Here's an example:

/// <summary>
///     Raises the <see cref="E:System.Web.UI.Control.Init" /> event to initialize the page.
/// </summary>
/// <param name="e">
///     An <see cref="T:System.EventArgs" /> that contains the event data.
/// </param>
protected override void OnInit(EventArgs e) {
    base.OnInit(e);

    // Validate whether ViewState contains the MAC fingerprint
    // Without a fingerprint, it's impossible to prevent CSRF.
    if (!Page.EnableViewStateMac) {
        throw new InvalidOperationException("The page does NOT have the MAC enabled and the view state is therefore vulnerable to tampering.");
    }

    ViewStateUserKey = Session.SessionID;
}

You can learn more e.g. from the Microsoft Docs.

继续阅读:webforms

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9