Tuesday, October 23, 2018

Web Application Security Bridge

Microsoft has many paid security enhancer method, that we may consider later.

But currently, We can manage Direct URL hitting in browser by user. I mean if user click on menu it will navigate to desired pages but if try to type URL in browser it will not work.

Please consider it as minimum safety level security, because still we can manage to spoof using client side scripting.



Please Add below code in Global.asax.cs File –

[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
    public class NoDirectAccessAttribute : ActionFilterAttribute
    {
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            if (filterContext.HttpContext.Request.UrlReferrer == null ||
                        filterContext.HttpContext.Request.Url.Host != filterContext.HttpContext.Request.UrlReferrer.Host)
            {
                filterContext.Result = new RedirectToRouteResult(new
                               RouteValueDictionary(new { controller = "Home", action = "Index", area = "" }));
            }
        }
    }


And write like -
[NoDirectAccess]
public ActionResult Index()
{
return View();
}

In each and every ActionResult.


This will provide at least minimum safety level now.

at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Screen Record

 Windows Screen Record WindowsKey+ Alt + R Recording Starts.