ASP.NET MVC 4 and session security leak
Instead of using ASP.NET MVC User’s system, I’m simply using session, as the following:
security
How to prevent open redirection attacks?
what is the best approach to prevent open redirection attacks.Currently i am developing asp.net website.I want to make sure not to redirect the users to external links up on successful login?
Does asp.net protect against sql injection attacks
By default does ASP.net protect against SQL injection attacks when using ASP controls?
Asp.net ConnectionString in secure way
I could not get a satisfactory answer to my question on the google, they are:
How to apply security on a folder using web.config file?
I have folder on which i want to apply security like the current user who is using the site, can access that folder but if he is not currently logged in then he cannot see the content of that folder or files of that folder. I know we can do it in web.config file but i dont know how. Please help me. Thanks in advance.
Is using session state an unsafe way to create user logins and role in asp.net
Consider the setup where a list of ids and passwords are stored in a database on a server and when a user enters his login credentials then the code-behind verifies it against the server and sets values like Session[“id”] Session[“login”] to determine whether user has access to certain page.
IE & Firefox with Integrated Windows Authentication
I’m building an Intranet application based on Ext JS and webservices. Users are authorized using Integrated Windows Authentication, which works fine in IE.
Effective Password Encryption
I’ve taken a look at the StackOverflow question, “Password Encryption / Database Layer AES or App Layer AES,” and I’d like to effectively and efficiently hash my passwords on registration (web app) and then be able to check they are correct on login. I’m using VB, but comfortable using C#.
Is Microsoft.Office.Interop safe to use for (file-converting) for a website?
I am coding a website on witch users have to add reports (Word document’s) and to make possible to view them I convert *.doc to *.pdf, and then displaying them throught pdf.js. For converting i use Microsoft.Office.Interop.Word. Code looks like
ASP.NET membership salt?
How does ASP.NET membership generate their salt key and then how do they encode it (that is, is it salt + password or password + salt)?