Channel: Security Vulnerability
Browsing all 317 articles

What security configuration should I use for WCF service?

Hi guys, I have a C# client application that communicates with a C# backend service via WCF. I want to make sure that each WCF call made to the service is from a logged-in user, I mean logged into my...



WCF Security

Hi all, I'm not sure if this is the appropriate forum for my questions but here goes. Suppose I have an app that uses WCF to send and receive text messages and image files across the web, and the...



How to prevent POST and GET parameters collapsed into a single collection in...

I have an ASP.NET WebForms application (.NET Framework 4.5) running on a client's server. A recent security audit indicates that the application collapses the POST and GET parameters into a single...


injection pattern

Hi, is there any pattern or regex for finding SQL-injection requests in C#? niafam.com


Strange IP Addresses and Service Providers

In my analytics, I'm seeing hits to my websites. Many of them are government IP addresses such as the DOD (Department of Defense). I also have this information that I don't understand [ipv4 address block...



Same auth cookie sent to different users

Hello, first I want to apologize for sending a new question in Visual Studio General Questions, but I cannot see an ASP.NET forum. I would like to ask you if there is someone who solved a problem with the auth cookie....


asp button with single click and not multiple clicks

I have a "next" button which grays out after clicking next, so the screen reader reads "NEXT IS DISABLED". How can I disable "NEXT IS DISABLED" from the screen reader? I tried aria-hidden=true or...


Azure DevOps best practices

Hi. What's the most secure way to set up Visual Studio with Azure DevOps? Best case scenario is that my users CAN NOT download code to their personal computers. Thanks for the feedback!



Forms Authentication cookie is expired too soon

We are setting auth cookie as follows: var authTicket = new FormsAuthenticationTicket(1, principal.Email, DateTime.Now, DateTime.Now.AddMinutes(1200), false,...



How to prevent Stored XSS issue with javascript and html injection using...

We have an ASP.NET application with lots of .aspx forms and it was built using .NET Framework 4.0. We have a form where the user can enter text in the textbox and we are validating the textbox with...


Column encryption as part of vulnerability scanning of ASP.Net project

My project has to be scanned by software called 'Checkmarx', and it lists out vulnerabilities and how to fix them. One of them is "Missing_Column_Encryption" and...


JQuery.Unobtrusive-Ajax.js detected as JavaScript Hijacking: Vulnerable...

Hi, I'm using JQuery.Unobtrusive-Ajax.js for our MVC apps. It makes development faster and easier. But when we're doing a security scan (OWASP) using Fortify, it is detected as a low vulnerability on line...


C# Aes Crypto implementation to Javascript

I have Rijndael-based C# code. I try to encrypt in C# Rijndael and decrypt in JavaScript (CryptoJS), but I can't match the encrypted values. I tried lots of things but nothing worked. Here is my C# code:...



Dot Net Core 2.2 Sign Out issue

Have .NET Core 2.2 MVC application and integrated with Azure AD for userAzure AD. User authentication and sign out is working as expected. But if we copy the cookies AspNetCore.AzureADCookie,...


Insecure Transport Vulnerability (LUCKY13 - Potentially vulnerable and BREACH...

I am working as a full stack developer. The following vulnerability was reported by our security team. Environment - IIS 7, ASP.NET Web Pages, ASP.NET MVC, .NET Framework 4.6. Any hint or resources to address...



Microsoft.Security.Application.Sanitizer.GetSafeHtmlFragment is not removing...

Hello, I need to remove the img tag also from the GetSafeHtmlFragment function but it's not removing it. Does anyone have an idea how to remove the img tag? Is there any whitelist or blacklist? Can we make our...


Which user account to use

Hello there, In my .NET MVC web application, users can upload and download files. The web application runs on ServerX but since it doesn't have enough disk space, the uploaded files are stored in a...



jquery directory not found when these response.headers are in code (in prod)

Hello, I am using .NET Core 2.2 - MVC Framework. I had put this security code which works well in dev, but in prod it does not seem to read the jquery lib and throws off the whole page. If I remove it,...


How to prevent Cross-Site Scripting (XSS) in ASP.NET Core?

There is a link for preventing XSS in .NET Core 2.1. It uses some code like below which I don't understand at all. services.AddSingleton<HtmlEncoder>( HtmlEncoder.Create(allowedRanges: new[] {...


How to encrypt and decrypt password in ASP.NET while using MongoDB?

I'm making a login page with MongoDB as the database, but I am not understanding how to encrypt and decrypt the password. Can anyone help?


