ASP.Net Core MVC preventing CSRF attack
What are some specific ASP.NET configuration or development practices that help prevent CSRF (Cross-Site Request Forgery) attacks in an ASP.NET Core MVC application?
I am developing an MVC Core web application and I am in the process of hardening the security of the application. My current question is: is it useful to implement the CSP (Content Security Policy) in a web application?
I have a plan for handling authentication and message encryption, and I’d like some others with more cryptography knowledge to let me know if my approach is sound, or how it should be improved.
Client apps will be connecting… Continue reading Seeking Review for Authentication and Message Encryption Approach
First of all, I’m new to this whole crypto thing. Here’s my scenario:
I have a client app, that sends a 20char max string to my server. The server then checks if the name is indeed matching the char limit, then logs the name… Continue reading Protect PHP hashing algorithm (from bots)
I need to validate if the returned string (in the method below) is signed in pkcs7 format. How can I check this? I need to pass only content (which is to be signed) and cert by which I will sign.
public static string Sign… Continue reading How to verify that signed content is in pkcs7 format?
I’m trying to follow the OWASP Password Storage Cheat Sheet recommendations on keyed functions, which recommend:
return [salt] + HMAC-SHA-256([key], [salt] + [credential]);
Using libsodium-net, the simplest method uses an … Continue reading Applying keyed function on password – practical considerations
I would like to host a service (written in C#) on my server and allow it to be accessed from outside the network.
I know that I need to open a port in the firewall for this to work, and I managed to do this, but I have no i… Continue reading Security considerations when opening port for a service?
Is anybody aware of any open source .NET authorization solution based on OASIS ABAC/RBAC/XACML approach?
I have found some visible amount of Java based solutions but it seems .NET is completely out of it (lack of interest, n… Continue reading Authorization based on OASIS ABAC/RBAC/XACML approach
I am new to LDAP. I have written the below code that authenticates users with LDAP. I currently have to validate users with a server that has a binding authentication type of GSS-Negotiate. I couldn’t find any examples to vali… Continue reading How to authenticate LDAP user with GSS Negotiate binding authentication using C#?