An HTTP module is used when you need to intercept and examine incoming HTTP requests before or after the page life cycle. The HTTP module provides events that you can plug into to examine or alter the request or response within the ASP.NET cycle. HTTP modules are the perfect place to apply security checks.
HTTP headers leak technical information about a system to potential attackers. To harden the security of an application you need to disclose as little information about a system as possible. In this post I will show how to remove the ASP.NET version from HTTP server header responses.
In the previous post I showed how to use the configSource to create multiple broken-out config files to ease maintenance. Below are more examples of where the configSection can be used.
The size of a configuration file often creates the desire to split it into multiple smaller, more manageable parts. To achieve this, one can use the configSource attribute.
I wrote this small single-file aspx utility that can be dropped into an ASP.NET website. The utility will allow the user to view the claims within the token.
When it comes to access control in ASP.NET, we are all familiar with the access control elements found in the web.config. Below I will cover the best way to secure a website with the authorization element.
Custom error pages are used to hide technical information from end users. Default error pages can often leak technical information to potential attackers. In this post I'll show how to implement custom error pages for IIS and ASP.NET to assist with hardening the security of a system.
HTTP headers leak technical information about a system to potential attackers. To harden the security of an application you need to disclose as little information about a system as possible.
ID4243: Could not create a SecurityToken. A token was not found in the token cache and no cookie was found in the context.
A few posts back I was looking at OAuth and I stumbled onto some posts with references to this thing called OWIN. Initially I thought it was a framework that wrapped OAuth to make it easier to use, but it turned out to be a hosting solution with support for middleware.