Collaborate Disseminate
I am doing some maintenance on a 10 year old ASP.net web-forms application. It has a business layer that has its methods protected by System.Security.Permissions.PrincipalPermissionAttribute, like this:
[PrincipalPermission(… Continue reading What does setting Unrestricted = false on PrincipalPermission supposed to do?
I work for an educational institution, and we are seeing entries from our admissions application that amount to spam. Currently I only have one honeypot applied to thwart the spam bots, but these entries look to be input by a… Continue reading form spam prevention
I’m testing an application where the application does not handle special characters but request validation in ASP.NET picks it up and throws an exception.
There have been some different ways to bypass this previously like t… Continue reading Bypass Asp.Net 4.6 "A potentially dangerous Request.QueryString value was detected from the client"
I’m testing an application where the application does not handle special characters but request validation in ASP.NET picks it up and throws an exception.
There have been some different ways to bypass this previously like t… Continue reading Bypass Asp.Net 4.6 "A potentially dangerous Request.QueryString value was detected from the client"
So I just came across this nasty looking piece of code.
public ActionResult Display(string viewName)
{
return View(viewName);
}
I would avoid having that parameter or at least I would get that parameter through a w… Continue reading Returning parameterised view
I am experimenting with an OAuth2 authentication in an asp.net web-service.
When accidentally generating a huge amount of claims I’ve discovered that the bearer token increases drastically in size. That leads me to the assu… Continue reading asp.net+bearer token: Tampering of claims possible?
I am experimenting with an OAuth2 authentication in an asp.net web-service.
When accidentally generating a huge amount of claims I’ve discovered that the bearer token increases drastically in size. That leads me to the assu… Continue reading asp.net+bearer token: Tampering of claims possible?
I have an ASP.NET website hosted on premises and only accessible by my company. I discovered that if I connect it to a server in the DMZ (open to the internet) even though the IIS folder is set to Windows authentication it st… Continue reading windows authentication vs ADFS
I have an ASP.NET website hosted on premises and only accessible by my company. I discovered that if I connect it to a server in the DMZ (open to the internet) even though the IIS folder is set to Windows authentication it st… Continue reading windows authentication vs ADFS
Is there any programmatic way that where I can mandate the HTTPS in my ASP.Net Web API? I need to perform this for all HTTP methods in my Web API.
Can we mandate HTTPS to specific HTTP messages as well ?
Please note that … Continue reading ASP.Net Web API make HTTPS Mandatory