Posts

Showing posts from January, 2016

CSRF Asp.Net

Asp.Net CSRF

Step 1: Add this code to the master page; if there is no master page, then add it to the page itself.

    // This code generates the random token.
    // Needs the System.IO, System.Security.Cryptography and System.Web namespaces.
    // CSRFToken is assumed here to be a hidden field declared in the page markup.
    protected void Page_Init(Object sender, EventArgs e)
    {
        if (!IsPostBack)
        {
            var pageName = Path.GetFileName(HttpContext.Current.Request.Url.AbsolutePath);
            var pageToken = pageName + "_ID";
            var tokenData = new byte[32];
            // Dispose the cryptographic RNG once the 32 random bytes are drawn.
            using (RandomNumberGenerator rng = new RNGCryptoServiceProvider())
            {
                rng.GetBytes(tokenData);
            }
            var token = Convert.ToBase64String(tokenData);
            // The session keeps the bare token; the hidden field carries it prefixed with the page name.
            Session["token"] = token.Trim();
            CSRFToken.Value = pageToken.Trim() + token.Trim();
        }
    }

Step 2: Verify the token on each post (Add, Update, Delete button events).

    protected void btnAddUpdate_Click(object sender, EventArgs e)
    {
        var pageToken = Path.GetFileName(HttpCo

Clear Session on browser/tab close using JQuery

Add the script below to the master page and replace Logon with the name of your login page.

    <script type="text/javascript">
        var LoginPageName = "Logon";
        var AttachClearSessionEvent = true;
        var IsFormSubmit = false;

        // A form submit is a normal postback, so do not clear the session for it.
        $(window).submit(function () {
            AttachClearSessionEvent = false;
            IsFormSubmit = true;
            window.onbeforeunload = null;
        });

        $(document).ready(function () {
            var myEvent = window.attachEvent || window.addEventListener;
            var chkevent = window.attachEvent ? 'onbeforeunload' : 'beforeunload'; // make IE7, IE8 compatible
            myEvent(chkevent, function (e) { // For >=IE7, Chrome, Firefox
                try {
                    if (AttachClearSessionEvent) {
                        var caller = '(document).ready';
                        var urlToDisposeSession = LoginPageName;
                        // Synchronous POST so the request is sent before the page unloads.
                        $.ajax({
                            cache: false,
                            type: "POST",
                            url: urlToDisposeSession,
                            data: JSON.stringify({ RandomString: caller }),
                            contentType: "application/json; charset=utf-8",
                            dataType: "json",
                            async: false,
                            success: function (msg) {}
                        });
                    }
                } catch (ex) { }