Re: ASP.net { or any web application } security



Well - you could generate one-time IDs that are only valid for a short period of time - you could append these to links as a query string.

An HttpModule could check the appended IDs for validity...


-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

Hi all,

I'm wondering how I can prevent this scenario:

I have an ASP.NET application, not using any kind of ASP.NET security models [neither Windows nor Forms Auth]. A client can save a complete copy of the web site locally, he can change any JavaScript function, then change the Action attribute in the form tag to point to the same page again, & it will submit.

My question is: I want to access my website only within my web site links or requests, I don't want to accept the previous scenario, also I don't want to accept any custom HTTP request come out of my internal web site.
I can't depend on the HTTP Referer, because it can easily be changed through HTTP sniffing tools or packet editor tools.
Any advice?

Bashar
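
One way to implement the short-lived one-time link IDs and the HttpModule check suggested in the reply above, as an added example that is not code from the thread or its participants. The class name, the `lt` query parameter and the `/default.aspx` entry page are hypothetical, and it assumes a single server with the module handling only .aspx page requests.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Text;
using System.Web;

// Added example; class, parameter ("lt") and entry-page names are hypothetical.
public class LinkTokenModule : IHttpModule
{
    // Assumption: single server. A web farm needs a shared key and a shared used-ID store.
    static readonly byte[] Key = NewKey();
    static readonly TimeSpan Lifetime = TimeSpan.FromMinutes(5);
    static readonly ConcurrentDictionary<string, long> Used = new ConcurrentDictionary<string, long>();

    static byte[] NewKey() {
        var k = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(k);
        return k;
    }
    // HMAC binds the ID and its expiry to one target path, so a token cannot be moved to another page.
    static string Mac(string path, string body) {
        byte[] data = Encoding.UTF8.GetBytes(path.ToLowerInvariant() + "|" + body);
        using (var h = new HMACSHA256(Key))
            return BitConverter.ToString(h.ComputeHash(data)).Replace("-", "");
    }
    // Call when rendering a link: href = path + "?lt=" + LinkTokenModule.Issue(path)
    public static string Issue(string path) {
        string body = Guid.NewGuid().ToString("N") + "." + DateTime.UtcNow.Add(Lifetime).Ticks;
        return body + "." + Mac(path, body);
    }
    public static bool Validate(string path, string token) {
        string[] p = (token ?? "").Split('.');
        long exp, now = DateTime.UtcNow.Ticks, ignored;
        if (p.Length != 3 || !long.TryParse(p[1], out exp)) return false;
        string expected = Mac(path, p[0] + "." + p[1]);
        int diff = expected.Length ^ p[2].Length;          // constant-time comparison
        for (int i = 0; i < expected.Length && i < p[2].Length; i++) diff |= expected[i] ^ p[2][i];
        if (diff != 0 || exp < now) return false;          // forged, altered or expired
        foreach (var kv in Used) if (kv.Value < now) Used.TryRemove(kv.Key, out ignored); // prune
        return Used.TryAdd(p[0], exp);                     // false when the ID was already used
    }
    public void Init(HttpApplication app) {
        app.BeginRequest += (sender, e) => {
            HttpContext ctx = ((HttpApplication)sender).Context;
            string path = ctx.Request.Path;
            if (path.Equals("/default.aspx", StringComparison.OrdinalIgnoreCase)) return; // entry page
            if (!Validate(path, ctx.Request.QueryString["lt"])) {
                ctx.Response.StatusCode = 403;
                ((HttpApplication)sender).CompleteRequest();
            }
        };
    }
    public void Dispose() { }
}
```

The module is registered under `httpModules` in web.config. A token proves only that the link was issued by the site within the last few minutes; the values submitted with the request still have to be validated on the server, since a client can edit a freshly fetched page as easily as a saved copy.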


