Whitelist a particular IP range in IIS
Hi Guys, I have an ASP.Net web application. I want users from only specific IPs to access it. So, I am trying to whitelist a specific IP range in IIS for this particular application. Has anyone done this...
I want to report about a bug in AspNet.Identity
Howdy. Dear Bill Gates, I found a security bug in aspnet.Identity that Microsoft uses in asp.net mvc and I want to report it. The bug is as follows: Assume you open any browser, for example (IE11), to a...
No HTML decode w/ AntiXss?
Hi, In AntiXss, I see HTML encode but no decode. Do I just use the regular htmldecode under HttpContext?
What's the right way of passing data from jQuery ajax to an action method?
Hi, In my MVC app, I read data from a form using javascript and make a jQuery ajax call to my action method. I'm testing sending data containing HTML tags in it but my action method is generating error...
ASP.NET 4.5 and MaxHttpCollectionKeys limit
Does ASP.NET 4.5 still throw an exception when MaxHttpCollectionKeys is exceeded? We have an ASP.NET web forms page that may submit more than 1000 form items and we previously had to increase the...
Stop users navigating directly to a resource via IIS
Not 100% sure if this is the correct forum but I have the following question. If I am storing uploaded videos in a folder how do I secure the videos. I need to do two things. Firstly users should only...
How to send encrypted value of a textbox from client end to server end using...
While sending password value from client side to server side I need to encrypt textbox value using javascript and receive that encrypted value in the server side. Here in the link...
Alternative to using div.InnerHtml to prevent XSS issues in ASP.NET
Hi, My existing ASP.NET web application uses a div (set to runat="server") to show disclaimers. This is set using div.InnerHtml property. These disclaimers contain <b>, <br/> tags to show...
Webservice help page disclosure.
I want to hide the WSDL or other service related information to unauthorized users. When a user requests the wsdl using the uri like XXX.svc?wsdl, the user needs to be verified before the information...
Http Referer Validation
We are using Page Referer like this: HttpContext.Current.Request.ServerVariables("HTTP_REFERER") but this code is working properly in IE only; we need multi browser. Thanks in Advance, Maheswaran Sankarappan R
How to decode a string that is encoded using Encoder.Javascriptencode in...
Hi everyone, I have a JavaScript method that accepts two parameters. From code behind I am registering that method as a startup script (using ClientScript.RegisterStartupScript) by passing user input...
Find security holes in asp.net website or web application
Find security holes in asp.net website or web application. Hi all, I am looking for some tools to test my website security issues. Is there any one? Appreciate your kind help.
prevent from direct browsing and seeing folder names
Hi, I am selling some eBooks on my website. I did a lot of work to protect them from direct browsing and accessing them by the malicious users. Any attempt to access the files directly is forbidden now. My...
How Do I retrieve browser SSL certificate information? (client's browser...
Hello, How do I retrieve browser SSL certificate information? I mean I want to know what SSL the client's browser is using. Help me out. Thanks, max
Encrypted SAML token from ADFS
I need your help on how to configure the MVC application so it can accept the encrypted SAML token returned by ADFS. As background, I use ADFS as an identity provider in MVC web app and it works well...
Windows authentication with custom user/role tables
I'm getting ready to start a new web app and will be using windows authentication. I don't want to use the membership schema, and already have a set of sql tables that have users and roles to check who is...
IIS7 configuration error has occurred.
Can someone help me? I have a problem with IIS7 configuration. Below is the event message: Journal Name: Application Source: ASP.NET 4.0.30319.0 Date: 27/01/2014 10:37:08 Event ID : 1310 Task Category...
Partial ASP.NET trust levels best security practice
I am currently updating the CIS IIS (and ASP.NET) benchmarks. Around I am reading constant confusing to misleading advice around partial trust. Most of this seems to relate...
Asp.Net IT security issues.
Dear All, One of my clients to whom I have given asp.net web application and is hosted on HTTP in Abbys server, while going through the IT security check they provided me the list of issues in...
ASP.NET MVC AntiForgeryToken not bound to Session and does not have integrity...
I have been developing a web application where security is one of the highest priorities. We have been using the MVC built in AntiForgeryToken to prevent CSRF attacks. So far we have believed that it...