Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 7 years ago.
Improve this question
From a security perspective. What is the worst that can happen when you have a controller that is wide open. What I mean by this is that you can call this controller using a post, get, put, delete, update, trace etc.
I guess you are talking about a controller that's not decorated with [Authorize] attribute.
What is worst that can happen, depends on how you look at it. Suppose your controller has a get method, which exposes some privacy related information. That means this sensitive information is available for anyone who is on the internet.
Similarly if you have a post method to delete some information, anyone on the internet will be able to call the delete method.
Related
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 2 years ago.
Improve this question
Wrote web api on asp.net. When accessing it, information about the server is displayed, how it can be removed.
Why did you close the question? It contains all the necessary information.
Go to the Controllers folder and look for the Home controller there you will find a method called by default Index delete that entry and remove the code from Views/Home/Index.html and Views/Shared/_Layout.html.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 years ago.
Improve this question
How to avoid Cross-Site Request Forgery for GET method. I have used AntiForgeryToken for all POST methods in my MVC application. Even though it is not needed for Get request, but I want to know the solution to prevent CSRF for HttpGet methods.
Please refer below post. You actually don't need anti-forgery for get request.
https://security.stackexchange.com/questions/115794/should-i-use-csrf-protection-for-get-requests
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 5 years ago.
Improve this question
I intend to use currentprincipal and I searched that the property is static , so it must be shared, Actually I need it to be different not shared. as I write some code I see the currentprincipal is different after 2 users logged in to application, is it right , can I be sure of being different of the property? Actually my users logged in to application and call my function through WCF! please ask me to clear if my explanation is not enough, thanks in asvance
System.Threading.Thread.CurrentPrincipal returns IPrincipal for current thread. Do your users use the same thread at one moment? I think, no.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 7 years ago.
Improve this question
Using c#, I m looking to personalise a page if its the first page the user has come across.
I'm not concerned whether the solution is bulletproof because the feature is purely asthetical and can degrade.
It must use be an ASP.NET method, not JavaScript.
with
Request.UrlReferrer.Host
you can get the URL of the client's previous request. But this won't work with https from external pages
I think you should use this
Url referel
This property contains previous page url, so you can check if current request is from your site.
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 8 years ago.
Improve this question
Is it possible to redirect to controller action methods through aspx cs page?
how can I redirect from a controller action methods
Thanks
Any code sample will be helpful. but based on assumption and other comments in questions.
You have to make sure you are passing the correct URL in Response.Redirect. Navigate to top level and then redirect to the required page may be helpful.
Also refer to this url : Why do I get "Cannot redirect after HTTP headers have been sent" when I call Response.Redirect()?
Note: I cant add comment, so posting this as answer.