ASP.Net Core MVC preventing CSRF attack
What are some specific ASP.Net configuration or development practices that help prevent CSRF( Cross Site Request Forgery ) attacks in a ASP.Net Core MVC application ?
Category Archives: net
ASP.Net Core MVC Content Security Policy
I am developing a MVC core web application and i am in the process of hardning the security of the application. My current question is , is it usefull to implement the CSP ( Content Security Policy ) in a web application ?
Seeking Review for Authentication and Message Encryption Approach
I have a plan for handling authentication and message encryption, and I’d like some others with more cryptography knowledge to let me know if my approach is sound, or how it should be improved.
Client apps will be connecting… Continue reading Seeking Review for Authentication and Message Encryption Approach
Protect PHP hashing algorithm (from bots)
First of all, I’m new to this whole crypto thing. Here’s my scenario:
I have a client app, that sends a 20char max string to my server. The server then checks if the name is indeed matching the char limit, then logs the name… Continue reading Protect PHP hashing algorithm (from bots)
How to verify that signed content is in pkcs7 format?
I need to validate if my the returned string (in the method below) is signed in pkcs7 format. How can I check this? I need to pass only content (which is to be signed) and cert by which I will sign.
public static string Sign… Continue reading How to verify that signed content is in pkcs7 format?
Applying keyed function on password – practical considerations
I’m trying to follow the OWASP Password Storage Cheat Sheet recommendations on keyed functions, which recommend:
return [salt] + HMAC-SHA-256([key], [salt] + [credential]);
Using libsodium-net, the simplest method uses an … Continue reading Applying keyed function on password – practical considerations
Security considerations when opening port for a service?
I would like to host a service (written in C#) on my server and allow it to be accessed from outside the network.
I know that I need to open a port in the firewall for this to work, and I managed to do this, but I have no i… Continue reading Security considerations when opening port for a service?
Authorization based on OASIS ABAC/RBAC/XACML approach
Is anybody aware of any open source .NET authorization solution based on OASIS ABAC/RBAC/XACML approach?
I have found some visible amount of Java based solutions but it seems .NET is completely out of it (lack of interest, n… Continue reading Authorization based on OASIS ABAC/RBAC/XACML approach
How to authenticate LDAP user with GSS Negotiate binding authentication using C#?
I am new to LDAP. I have written the below code that authenticates users with LDAP. I currently have to validate users with a server that has a biding authentication type of GSS-Negotiate. I couldn’t find any examples to vali… Continue reading How to authenticate LDAP user with GSS Negotiate binding authentication using C#?
How to authenticate LDAP user with GSS Negotiate binding authentication using C#?
I am new to LDAP. I have written the below code that authenticates users with LDAP. I currently have to validate users with a server that has a biding authentication type of GSS-Negotiate. I couldn’t find any examples to vali… Continue reading How to authenticate LDAP user with GSS Negotiate binding authentication using C#?