Skip to main content

Posts

Showing posts from 2016

Generate new token on each request in MVC Ajax post call (Custom Code)

Generate new token on each request in MVC Ajax post call (Custom Code) Step: 1 In controller add below Code to generate new random token and store it in the session protected string GenerateCSRFToken() {   RandomNumberGenerator rng = new RNGCryptoServiceProvider ( "Add Your Salt String" );   var tokenData = new byte [64];  rng.GetBytes(tokenData);   var token = Convert .ToBase64String(tokenData);  Session[ "CSRFtoken" ] = token.Trim();  return token; } Step: 2 In controller generate new token and pass it to view using ViewData. public ActionResult Index() {  ViewData[ "CSRFtoken" ] = GenerateCSRFToken();  return View(); } Step: 3 In View create hidden field and assign ViewData value to it. < input type ="hidden" value =" @ ViewData[ "CSRFtoken" ] " id ="hdnCSRFtoken" /> Step: 4 In View read and pass the hidden field value as method parameter/

Password Protected File Validation for(.doc/.docx/.xls/.xlsx/.pdf) file types

Password Protected File Validation for(.doc/.docx/.xls/.xlsx/.pdf) file types protected void btnUpload_Click( object sender, EventArgs e)         {             //Check if File Upload control has file or not             if (FileUpload1.HasFile)             {                 //Get Uploaded file bytes                 var bytes = FileUpload1.FileBytes;                 //Get Uploaded File Extension                 FileInfo objFileInfo = new FileInfo (FileUpload1.FileName);                 string StrFileExt = objFileInfo.Extension.ToUpper();                                 //Based on the File extension call appropriate user defined method.                 //For PDF file type                 if (StrFileExt == ".PDF" )                 {                     //Upload and save file in server temp folder                     var newfilename = DateTime .Now.GetHashCode() + FileUpload1.FileName;                     FileUpload1.SaveAs(Syst

Server Error (dots in URL)

Issue description: Asp.net Server error [Unable to redirect to custom error page] when three dots (…) placed after directory name in url, Custom error page will not work if below attribute is set to false. www.yourwebsite.com\somefolder\ ... By default in asp.net  application will be configured relaxedUrlToFileSystemMapping = " false, which means each http request will be validated by ‘Server OS file path validation component’. So when we pass (.) or (..) in URL first it will be validated by this component then the valid request will be passed to IIS. By setting relaxedUrlToFileSystemMapping = " true " it will bypass the ‘Server OS file path validation’, so all the http request will directly reach to IIS. Same scenario has been explained in below figure. Mitigation:                                                        In web config: <system.web>        <httpRuntime targetFramework="4.5" relaxedUrlToFileSystemM