Cookies used by ASP.NET application did not have the HTTPOnly flag set.
Hi, cookies used by my ASP.NET application did not have the HTTPOnly flag set. This could allow a client-side script to access the cookie and reveal it to the attacker. How can I prevent that?
Cookie's Secure flag was not set
Hi. HTTP cookie used by my ASP.NET Web application, it was determined that the cookie's Secure flag was not set. Without this flag, the cookie's contents could potentially traverse a clear text channel,...
Web application security of the communications being compromised on web...
Hi, I have a security issue on my Web application. On my ASP.NET Web application security of the communications being compromised on web server (SSL/TLS configuration) / weaker SSL implementations were...
ASP.NET Web application was configured to return informative error messages.
Hi, I have a security issue on my Web application. My ASP.NET Web application was configured to return informative error messages. This could enable an attacker to understand the cause of the errors and...
How to pass Windows credentials programmatically when window open
In my ASP.NET application when I click on button opening a window using JavaScript. Unfortunately, this link is asking Windows credentials, I have the Windows credentials but how can I pass...
HTTPS SETUP - WebServer to ApiServer
Hi, I received a wildcard certificate to set up HTTPS on the webserver (for the client to connect with the frontend server on https). Now I need to secure the communications between the frontend webserver...
My ASP.NET Web application did not make use of the HTTP Strict Transport...
Hi, my ASP.NET Web application did not make use of the HTTP Strict Transport Security (HSTS) mechanism. This could potentially expose users to Man in the Middle (MitM) attacks. When a web application uses...
Web server hosting the application disclosing the version number of its...
Hi, Web server hosting the application disclosing the version number of its software. The following response shows how the web server version was disclosed in the Server HTTP header: HTTP/1.1 200 OK Server:...
Loading this assembly would produce a different grant set from other...
Uninstall the SCOM Agent Manually on the SharePoint Servers. Delete the Microsoft Monitoring Agent from "C:\Program Files\" folder on your SharePoint Server. Restart the Server and try to open the CA and...
Single sign on
Hi, I need to implement single sign on for our ASP.NET website project. We don't use built-in authentication, we keep user info on SQL Server. My questions: 1. Is it possible to implement SSO without using...
Windows 10 update causes "Local Security Authority cannot be contacted"
My Windows 10 system recently upgraded to version 1703. Now my ASP.Net applications and SQL Server 2012 cannot connect, returning the error "Local Security Authority cannot be contacted". Any idea what...
4.5 to 4.7 upgrade questions
It appears that there have been many framework security fixes between 4.5 and 4.7. Most of our web apps are currently .NET 4.5 (ASP.NET MVC and WCF). Is it good enough to upgrade the server framework...
Can't login after changing framework version
I've a website built with ASP.NET 2.0 AND SECURITY=FORMS. I want to upgrade ASP.NET version so I've changed .NET version to 4.5 but after this cannot login. Membership.ValidateUser fail. Removing...
Controller Action when user is logged in using a cookie (remember me)
I need to perform a check and possibly send the user to a view based on some values on his account when they log in. This is fairly straightforward when they use a third party login (Facebook or...
Using Identity with Different Database
Hello everyone and thanks for your help in advance. I'm trying to learn the identity framework by unravelling the pre-installed code. Obviously like previous security models, the framework is highly...
Secure Password Recovery Method
What is the preferred method for securely recovering a user password? The password recovery control seems very insecure because it emails the password to the user. The only way I can think of is to...
Implement User Lock manually
Hi, I am using ASP.NET Identity with WebAPI and n-tier architecture, where the WebAPI has no access to ASP.NET Identity features directly but through a service layer. In my business logic, I have to send...
AllowAutoRedirect = true is not redirecting in HttpWebRequest
Hi, I am using the below code to login and redirect to another domain site. Unfortunately it is not redirecting, instead it is giving the html content. Can anyone please help on this? HttpWebRequest...
ASP.Net Core Make HTTPS Mandatory
I am developing a Web application using ASP.Net Core. I need to make the HTTPS mandatory programmatically irrespective of the hosting environment. What is the easiest way that I can achieve this? It...
Implement HSTS in ASP.Net Core MVC Application
I need to implement the HSTS (HTTP Strict Transport Security) in my ASP.Net Core MVC application. How can I achieve this simply in my code?