How to prevent CSRF (Cross-site Request Forgery) attack in ASP.NET WebForms?
Is there anything like [ValidateAntiForgeryToken] in ASP.NET MVC?
When you are talking about protecting the ViewState, there is the 'ViewStateUserKey', which you can use.
Basically you need to use a specific key per user, that is derived from the ASP.NET Session. Here's an example:
using System;
using System.Web.UI;

// Placeholder class name; put this in your own code-behind class derived from Page.
public partial class MyPage : Page
{
    /// <summary>
    /// Raises the <see cref="E:System.Web.UI.Control.Init" /> event to initialize the page.
    /// </summary>
    /// <param name="e">
    /// An <see cref="T:System.EventArgs" /> that contains the event data.
    /// </param>
    protected override void OnInit(EventArgs e)
    {
        base.OnInit(e);

        // Validate whether ViewState contains the MAC fingerprint.
        // Without a fingerprint, it's impossible to prevent CSRF.
        if (!Page.EnableViewStateMac)
        {
            throw new InvalidOperationException("The page does NOT have the MAC enabled and the view state is therefore vulnerable to tampering.");
        }

        // Tie the ViewState MAC to this user's session, so ViewState captured from
        // one session cannot be replayed in another. ViewStateUserKey must be set
        // in Init, before ViewState is loaded. Note: ASP.NET issues a fresh
        // SessionID on every request until something is stored in Session, so
        // store a value there (e.g. at login) for this key to remain stable.
        ViewStateUserKey = Session.SessionID;
    }
}
You can learn more e.g. from the Microsoft Docs.
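Added example, not part of the original answer: the snippet above binds ViewState to the session, but it does not by itself give WebForms the equivalent of MVC's [ValidateAntiForgeryToken]. The base page below (hypothetical class and field names `AntiForgeryPage`, `__AntiForgeryToken` and `AntiForgeryToken` are assumptions, not framework API) implements the synchronizer token pattern on top of the ViewStateUserKey check: a random token is stored in Session, emitted as a hidden field in every form, and compared in constant time against the posted value on every postback. A cross-site form post can make the browser send the session cookie, but it cannot read the token, so the postback is rejected.

```csharp
using System;
using System.Security.Cryptography;
using System.Web;
using System.Web.UI;

/// <summary>
/// Hypothetical base page (added example) that adds a per-session anti-forgery
/// token to every form and validates it on postback, in the spirit of MVC's
/// [ValidateAntiForgeryToken]. Derive your pages from it instead of Page.
/// </summary>
public abstract class AntiForgeryPage : Page
{
    // Hidden field name and Session key are assumptions for this example.
    private const string TokenFieldName = "__AntiForgeryToken";
    private const string TokenSessionKey = "AntiForgeryToken";

    protected override void OnInit(EventArgs e)
    {
        base.OnInit(e);

        // Same precondition as the answer above: without a MAC the ViewState
        // can be tampered with and ViewStateUserKey gives no protection.
        if (!EnableViewStateMac)
        {
            throw new InvalidOperationException("ViewState MAC must be enabled.");
        }

        // Bind ViewState to the session (as in the answer above).
        ViewStateUserKey = Session.SessionID;

        // Issue one token per session. Storing it in Session also makes
        // Session.SessionID stable for the rest of the session.
        string token = Session[TokenSessionKey] as string;
        if (token == null)
        {
            token = GenerateToken();
            Session[TokenSessionKey] = token;
        }

        if (IsPostBack)
        {
            // The token must come from the form body; a forged cross-site POST
            // cannot contain it because the attacker cannot read it.
            string submitted = Request.Form[TokenFieldName];
            if (submitted == null || !FixedTimeEquals(submitted, token))
            {
                throw new HttpException(403, "Anti-forgery token validation failed.");
            }
        }

        // Emit the token in the server form so legitimate postbacks carry it.
        ClientScript.RegisterHiddenField(TokenFieldName, token);
    }

    // 256 bits from the framework CSPRNG, Base64 encoded for the hidden field.
    private static string GenerateToken()
    {
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(bytes);
        }
        return Convert.ToBase64String(bytes);
    }

    // Constant-time comparison so timing does not leak how many leading
    // characters of the token were guessed correctly.
    private static bool FixedTimeEquals(string a, string b)
    {
        if (a.Length != b.Length)
        {
            return false;
        }
        int diff = 0;
        for (int i = 0; i < a.Length; i++)
        {
            diff |= a[i] ^ b[i];
        }
        return diff == 0;
    }
}
```

The check runs in OnInit so it happens before any postback event handler, and the token is tied to the session rather than to a single page, which is what makes it survive the normal WebForms postback cycle. Rotate the token at login (clear `Session[TokenSessionKey]`) so a token issued to an anonymous session is not carried into an authenticated one.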