Over the course of a last few years Microsoft unleashed two new web development frameworks: Web API and SignalR, both are suitable for asynchronous communications between web client and web server. And, of course, we still have MVC controller actions that can be used for asynchronous communications too and can accept and return JSON objects. […]
Blogs from this Author
Integrating ASP.NET MVC authentication with SiteMinder SSO
SiteMinder is an enterprise-class secure single sign-on solution by CA (Computer Associates) which is employed by many large companies to secure their intranet access and provide single sign-on functionality to various intranet applications. SiteMinder has a broad support for different application frameworks which is making possible to use in heterogeneous enterprise environment. For example, when […]
Gracefully handle MVC login session expiration in javascript
If your web application is built using ASP.NET MVC stack and it requires user authentication and authorization to access a certain parts of the application (or application as a whole), then the chances are that you using [Authorize] controller attribute. This attribute could be applied to controller as a whole or to any of the […]
ASP.NET MVC anti-forgery token demystified – part 3: AJAX
This blog post is third and final in series about MVC anti-forgery (CSRF) token. Part 1. Part 2.As we talked about it earlier, MVC have a great built-in functionality for securing form posts with anti-forgery tokens and it’s even possible make it work across multiple web applications. However, these days modern web applications tend to […]
ASP.NET MVC anti-forgery token demystified – part 2: inside
In the previous installment of this post series I talked about CSRF attack and how to prevent it using ASP.NET MVC built in components. Today I want to dive deeper into the framework code and show you what’s under the hood to anti-forgery token implementation in MVC. Some time ago Microsoft took a huge step […]
ASP.NET MVC anti-forgery token demystified – part 1: what is it?
Securing your web application is now more important than ever because various security attacks are growing in numbers and becoming more sophisticated and frequent. One of the most common types of attacks is Cross Site Request Forgery (CSRF) attack. In this kind of attack malicious web sites are hijacking a previously authenticated user sessions to […]