Sharing login-system between classic ASP and ASP.Net
A client uses classic ASP to log in to their web based backoffice.
This morning it was reported that our web app on our QA server was completely broken with the following error reported from Web.config:
I’m developing an ASP.NET Web app and would like the user to be able to either upload an image from their local system, or pass in a URL to an image. The image can either be a JPG or PNG. What security issues should I be concerned about doing this? I’ve seen various ways of embedding code within JPG files. Are there any methods in C# (or external libraries) which can confirm that a file is a JPG/PNG, otherwise throw an error? At the very least, I’m making the directory which holds uploaded images non-browsable and putting a max size limit of 1mb, but I’d like to implement further checks.
This is related to another question I asked. In summary, I have a special case of a URL where, when a form is POSTed to it, I can’t rely on cookies for authentication or to maintain the user’s session, but I somehow need to know who they are, and I need to know they’re logged in!
I’m making an AJAX call using jQuery to an ASP.NET page which acts as my AJAX server page to save the data which I am sending to it in the query string. In the ASP.NET page, when I am trying to read the query string, I am getting this error:
I am new to ASP.NET, so forgive me if this is simple.
I know I can restrict the access to an ASP.NET MVC 3 application using the authorization tag in web.config
Is it possible to use this Role Provider AspNetWindowsTokenRoleProvider with ASP.NET FORMS Authentication (via this MembershipProvider System.Web.Security.ActiveDirectoryMembershipProvider)?
I’m working on an application in ASP.NET, and was wondering specifically how I could implement a Password Reset function if I wanted to roll my own.
We store two objects in session. Somehow, one of the objects from another user got loaded into a different user’s session. The user should have had no access to this particular data, and as soon as they saw it they knew something was very wrong.