Tips To Secure your ASP.NET MVC Application


CheapASPNETHostingReview.com | Best and cheap ASP.NET hosting. Securing your ASP.NET MVC application ought to be priority number one every time you start a new web application. Applying the Authorize and ValidateAntiForgeryToken attributes to your controllers and actions is the minimum needed to close two of the most common holes: unauthenticated access to actions, and cross-site request forgery. In this post I'll show you how to secure your ASP.NET MVC application with the AuthorizeAttribute and ValidateAntiForgeryTokenAttribute classes, and how to back the Account controller with Active Directory.

The basics

At the very least, add an [Authorize] attribute to every controller, or to individual controller actions if you want some of the actions in a controller to remain reachable by anonymous users. For example, you probably want ALL users, signed in or not, to be able to reach the login and register actions of your web application.

By decorating the HomeController with the Authorize attribute (notice I did not specify any user role) the application will prevent any unauthenticated user from executing any of the actions in this controller.

Decorating an individual controller action with the Authorize attribute is what you want when only some of the actions in a controller should be restricted rather than all of them. Keep in mind that per-action decoration fails open: an action added later without the attribute is public by default, whereas a controller-level [Authorize] covers every action added to it.
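The two placements described above, as an added example that is not code from the original post. HomeController is the template's controller; ArticlesController, its actions and the role names are invented for illustration.

```csharp
// Added example: controller-level and action-level [Authorize] in ASP.NET MVC.
// Controller and action names other than HomeController are invented.
using System.Web.Mvc;

// Every action in this controller requires an authenticated user. No role is
// named, so any signed-in user passes. Unauthenticated callers get a 401,
// which forms authentication turns into a redirect to the login page.
[Authorize]
public class HomeController : Controller
{
    public ActionResult Index()
    {
        return View();
    }

    // Narrow further on one action: authenticated AND in the Administrators role.
    [Authorize(Roles = "Administrators")]
    public ActionResult Audit()
    {
        return View();
    }
}

// Mixed controller: Index and Details are public, Edit is not. In MVC 3 the
// only way to leave an action open is to not decorate it (and not decorate the
// controller). MVC 4 adds [AllowAnonymous], which lets the controller keep a
// blanket [Authorize] while opting individual actions out.
public class ArticlesController : Controller
{
    public ActionResult Index()
    {
        return View();
    }

    public ActionResult Details(int id)
    {
        return View();
    }

    [Authorize(Roles = "Editors")]
    public ActionResult Edit(int id)
    {
        return View();
    }

    // State-changing actions are POST-only and, as the next section explains,
    // must also carry [ValidateAntiForgeryToken]; [Authorize] alone does not
    // stop a forged cross-site post from an already signed-in browser.
    [HttpPost]
    [Authorize(Roles = "Editors")]
    [ValidateAntiForgeryToken]
    public ActionResult Edit(int id, FormCollection form)
    {
        // ... persist the submitted changes for article `id` here ...
        return RedirectToAction("Details", new { id });
    }
}
```

If you prefer to make the whole site private by default, register `new AuthorizeAttribute()` in `GlobalFilters.Filters` (MVC 3 and later); on MVC 3 you then have to move the login and register actions to a controller that is not covered, because there is no [AllowAnonymous] to exempt them.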

Safeguarding against cross-site request forgery attacks (CSRF or XSRF)

The Authorize attribute answers the question of who is making the request, and for that it is sufficient in most situations. It does nothing, however, about cross-site request forgery, so on its own it leaves your web application open to that attack. Consider what happens after a user logs in: the site issues the browser an authentication ticket in a cookie, and on every subsequent request the browser sends that cookie back so the site knows the user is allowed to take whatever action they are taking. So far everything is fine.

Here is the problem with relying on the Authorize attribute alone. Say a user is logged in to your site and then visits a malicious site, for instance by clicking a link, and that site causes a form post back to your site. This is bad: the browser attaches the authentication cookie automatically, so the request looks as if it came from your own pages and was initiated by the authenticated user, when in fact it was not.

The scenario above is a cross-site request forgery, and it can be prevented by adding the ValidateAntiForgeryToken attribute that ships with the .NET framework. The attribute checks that the request carries a token that only a form rendered by your site could have contained, so a request forged from another origin is rejected.

The first step is to add the ValidateAntiForgeryToken attribute to every Post action as follows:

The next step is to add the HtmlHelper method @Html.AntiForgeryToken() inside the form in your view.

The ValidateAntiForgeryToken attribute works by checking that the anti-forgery cookie and the hidden form field emitted by the Html.AntiForgeryToken() HtmlHelper both exist and match each other. If either is missing or they do not match, it throws an HttpAntiForgeryException with the message shown below:

"A required anti-forgery token was not supplied or was invalid"

With ValidateAntiForgeryToken on your controller actions your site is protected against CSRF/XSRF attacks, with one caveat: only the actions that carry the attribute are checked. Every action that changes state must therefore be a POST decorated with it, and GET actions must never modify anything, because a GET can be forged with a plain image tag and no token is ever checked for it.
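The two steps above put together, as an added example that is not code from the original post: a protected POST action, the matching Razor form (shown as a comment), and a global filter that applies the same check to every unsafe HTTP method so that a forgotten attribute fails closed. ProfileController, ChangeEmail and ChangeEmailModel are invented names; the global filter relies on System.Web.Helpers.AntiForgery.Validate(), which is what the attribute itself calls.

```csharp
// Added example: [ValidateAntiForgeryToken] on a POST action plus a
// site-wide fallback filter. Names are invented for illustration.
using System.Web.Helpers;
using System.Web.Mvc;

// ---- Views/Profile/ChangeEmail.cshtml (Razor, shown here as a comment) ----
// @model ChangeEmailModel
// @using (Html.BeginForm("ChangeEmail", "Profile", FormMethod.Post))
// {
//     @Html.AntiForgeryToken()   // emits the hidden __RequestVerificationToken
//                                // field and sets the matching cookie
//     @Html.TextBoxFor(m => m.NewEmail)
//     <input type="submit" value="Save" />
// }

public class ChangeEmailModel
{
    public string NewEmail { get; set; }
}

[Authorize]
public class ProfileController : Controller
{
    [HttpGet]
    public ActionResult ChangeEmail()
    {
        return View();
    }

    // Hidden field and cookie must both be present and match; otherwise MVC
    // throws HttpAntiForgeryException before the action body runs.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult ChangeEmail(ChangeEmailModel model)
    {
        if (!ModelState.IsValid)
        {
            return View(model);
        }
        // ... update the address stored for User.Identity.Name here ...
        return RedirectToAction("Index");
    }
}

// Defence in depth: validate the token on every request that is not a safe
// method, application-wide, so an action that forgets the attribute is still
// covered. GET/HEAD/OPTIONS/TRACE are skipped because they must have no side
// effects anyway and carry no form field to check.
public sealed class ValidateAntiForgeryTokenOnUnsafeMethodsAttribute
    : FilterAttribute, IAuthorizationFilter
{
    public void OnAuthorization(AuthorizationContext filterContext)
    {
        var method = filterContext.HttpContext.Request.HttpMethod;
        if (method == "GET" || method == "HEAD" || method == "OPTIONS" || method == "TRACE")
        {
            return;
        }
        // Same check [ValidateAntiForgeryToken] performs; throws
        // HttpAntiForgeryException when the token is missing or does not match.
        AntiForgery.Validate();
    }
}

// Global.asax.cs: register the fallback filter once at start-up.
public class MvcApplication : System.Web.HttpApplication
{
    public static void RegisterGlobalFilters(GlobalFilterCollection filters)
    {
        filters.Add(new HandleErrorAttribute());
        filters.Add(new ValidateAntiForgeryTokenOnUnsafeMethodsAttribute());
    }

    protected void Application_Start()
    {
        AreaRegistration.RegisterAllAreas();
        RegisterGlobalFilters(GlobalFilters.Filters);
    }
}
```

With the global filter in place, AJAX posts must send the token too: read the value of the hidden `__RequestVerificationToken` input that `@Html.AntiForgeryToken()` rendered and include it as a form field in the POST body, alongside the cookie the browser sends on its own.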

Implementing Forms Authentication using Active Directory (AD)

Often you will run across a project where you need to authenticate users of your website with Active Directory credentials. The good news is that you can use the existing "Account" controller to achieve this; only a few modifications are necessary.

When you create a new MVC Web Application project and choose the Internet Application template, the Account controller is added to the project, and you can use this controller with AD to authenticate your users. For the Account controller to work with AD, remove all Actions but the following:

  • Logon()
  • Logon(LogOnModel model, string returnUrl)
  • LogOff()

Your Account controller should look like the following after you remove the unnecessary Actions such as ChangePassword, Register, etc.

After this, go ahead and clean up the AccountModel as well so the only model class left is the LogOnModel:

Lastly, add the following to the project’s web.config file:

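The trimmed Account controller and model from the steps above, as an added example that is not the original post's code, wired to Active Directory through the ActiveDirectoryMembershipProvider that ships with System.Web. The web.config fragment it depends on is reproduced as a leading comment; the connection string name, LDAP path, domain and provider name are placeholders to adjust for your forest.

```csharp
// Added example: MVC 3 Internet Application template's LogOn/LogOff actions
// backed by Active Directory. The LDAP path, domain and names below are
// placeholders, not values from the original post.
//
// web.config fragment (assumed) that the controller below relies on:
//
// <connectionStrings>
//   <add name="ADConnectionString"
//        connectionString="LDAP://dc01.corp.example.com/DC=corp,DC=example,DC=com" />
// </connectionStrings>
// <system.web>
//   <authentication mode="Forms">
//     <forms loginUrl="~/Account/LogOn" timeout="30" requireSSL="true" />
//   </authentication>
//   <membership defaultProvider="ADMembershipProvider">
//     <providers>
//       <clear />
//       <add name="ADMembershipProvider"
//            type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
//            connectionStringName="ADConnectionString"
//            attributeMapUsername="sAMAccountName"
//            enableSearchMethods="false" />
//     </providers>
//   </membership>
// </system.web>
using System.ComponentModel.DataAnnotations;
using System.Web.Mvc;
using System.Web.Security;

// The only model class left in AccountModels.cs after the clean-up.
public class LogOnModel
{
    [Required]
    [Display(Name = "User name")]
    public string UserName { get; set; }

    [Required]
    [DataType(DataType.Password)]
    [Display(Name = "Password")]
    public string Password { get; set; }

    [Display(Name = "Remember me?")]
    public bool RememberMe { get; set; }
}

public class AccountController : Controller
{
    public ActionResult LogOn()
    {
        return View();
    }

    // The LogOn view's form must contain @Html.AntiForgeryToken() for this
    // attribute to pass.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult LogOn(LogOnModel model, string returnUrl)
    {
        if (ModelState.IsValid)
        {
            // Membership.ValidateUser goes through the default provider from
            // web.config, i.e. it binds to the domain controller with the
            // supplied credentials instead of checking a local database.
            if (Membership.ValidateUser(model.UserName, model.Password))
            {
                FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);

                // Only follow returnUrl when it is a local path. Redirecting to
                // an attacker-supplied absolute URL would turn the login page
                // into an open redirect.
                if (Url.IsLocalUrl(returnUrl))
                {
                    return Redirect(returnUrl);
                }
                return RedirectToAction("Index", "Home");
            }
            // One message for unknown user and wrong password alike, so the
            // form does not reveal which domain accounts exist.
            ModelState.AddModelError("", "The user name or password provided is incorrect.");
        }
        return View(model);
    }

    public ActionResult LogOff()
    {
        FormsAuthentication.SignOut();
        return RedirectToAction("Index", "Home");
    }
}
```

Two points worth keeping as they are in that configuration: requireSSL="true" on the forms cookie, so the ticket is never sent over plain HTTP, and the provider's default connectionProtection="Secure", which signs and seals (or uses SSL for) the bind to the domain controller. If the application pool identity is not allowed to bind, add connectionUsername and connectionPassword for a low-privilege service account and encrypt that section with aspnet_regiis rather than leaving the password in clear text.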

Main Advantages of ASP.NET Framework


With tough competition and the pressure to produce something innovative for customers, web development companies are focusing on cutting-edge technologies to develop custom applications. To develop any application, the first thing you need to understand is the nature of your business, so that the application you deploy suits it. The second is the selection of the best technology platform for the development process.


With the continuous change and demand in the technology market, Microsoft created the ASP.NET Framework for building feature-rich websites and web applications. ASP.NET, the successor to Active Server Pages (ASP), is a server-side platform for creating high-end applications; ASP.NET websites and web applications are typically hosted on a Windows web server (IIS).

Microsoft's introduction of ASP was one of its biggest achievements in meeting the market demand for dynamic web pages that can be viewed in different web browsers. With .NET you can create reliable and reusable applications. The ASP.NET framework is highly popular, and it is relatively easy for .NET developers to create compelling ASP.NET applications using Visual Studio. The good part is that it is not limited to a single language: developers can use C#, VB.NET and other .NET languages.

Let's take a look at some key advantages of using the ASP.NET Framework:

  • Keep your ASP.NET applications secure with built-in Windows authentication and per-application configuration.
  • ASP.NET reduces the long lines of code that were required to develop large applications.
  • ASP.NET and HTML together generate dynamic web pages smoothly.
  • As a server-side technology, ASP.NET code runs on the Windows server first and only the rendered output is sent to the web browser.
  • The ASP.NET framework is language independent, meaning you can choose whichever .NET programming language best suits your application.
  • With configuration information built into the application, ASP.NET is easy to deploy.
  • The Windows web server monitors the web pages, components and applications running on it.
  • The .NET Framework and IIS watch for memory leaks, unbounded loops and other misbehaviour; a worker process that exceeds its limits is recycled and restarted automatically.
  • ASP.NET features such as early binding, JIT compilation, caching services and native optimization give your application a high level of performance.
  • All ASP.NET applications are monitored and managed to keep them available to handle requests.
  • A strong point of the .NET Framework is its own built-in caching features.
  • Content and program logic are separated in the .NET Framework, which reduces maintenance headaches.

The Microsoft ASP.NET Framework is a widely used development framework for building enterprise-level web applications, and one that today's developers love to use. The .NET technology offers substantial help with issues a developer faces such as memory management, security and exception handling. The advantages above have made the ASP.NET Framework an ideal choice for .NET application development. So what are you still waiting for? Let's get started with this next-generation platform! And if we missed any other advantages of .NET, let us know in the comments below.