Posts Tagged ‘CSRF’

Keyboard Abstract@1x.jpg

A Note about App_ConfigInclude and Anti CSRF

YSOD You don’t delete contents of your App_ConfigInclude. You just don’t, right? It’s not something people normally do. Well, I first did and then I forgot that I did while I was playing with cleaning up after TDS’s File Replacement. I then left for the day and the next day my local Sitecore sandbox wouldn’t […]

ASP.NET MVC anti-forgery token demystified – part 3: AJAX

This blog post is third and final in series about MVC anti-forgery (CSRF) token. Part 1. Part 2.As we talked about it earlier, MVC have a great built-in functionality for securing form posts with anti-forgery tokens and it’s even possible make it work across multiple web applications. However, these days modern web applications tend to […]

ASP.NET MVC anti-forgery token demystified – part 2: inside

In the previous installment of this post series I talked about CSRF attack and how to prevent it using ASP.NET MVC built in components. Today I want to dive deeper into the framework code and show you what’s under the hood to anti-forgery token implementation in MVC. Some time ago Microsoft took a huge step […]

ASP.NET MVC anti-forgery token demystified – part 1: what is it?

Securing your web application is now more important than ever because various security attacks are growing in numbers and becoming more sophisticated and frequent. One of the most common types of attacks is Cross Site Request Forgery (CSRF) attack. In this kind of attack malicious web sites are hijacking a previously authenticated user sessions to […]