Andrew Lock | .NET Escapades

Andrew Lock
Security

  1. Automatically validating anti-forgery tokens in ASP.NET Core with the AutoValidateAntiforgeryTokenAttribute

    This quick post is a response to a question about anti-forgery tokens I saw on twitter: I want to apply ValidateAntiForgeryToken to every action on all HttpPost requests in #AspNetCore MVC. Any easy way to do this? #dotnetcore— Tugberk Ugurlu (@tourismgeek) 10 June 2017 Anti-forgery tokens are a security…
    on ASP.NET Core Security CSRF - Comments

  2. Preventing mass assignment or over posting in ASP.NET Core

    Mass assignment, also known as over-posting, is an attack used on websites that involve some sort of model-binding to a request. It is used to set values on the server that a developer did not expect to be set. This is a well known attack now, and has been discussed…
    on ASP.NET Core Security - Comments

  3. Resource-based authorisation in ASP.NET Core

    In this next post on authorisation in ASP.NET Core, we look at how you can secure resources based on properties of that resource itself. In a previous post, we saw how you could create a policy that protects a resource based on properties of the user trying to access…
    on ASP.NET Core Auth Security - Comments

  4. Modifying the UI based on user authorisation in ASP.NET Core

    This post is the next in the series on authentication and authorisation in ASP.NET Core. It shows how to modify the UI you present based on the authorisation level of the current user. This allows you to hide links to pages the user is not authorised to access, for…
    on ASP.NET Core Security Auth Front End - Comments

  5. Custom authorisation policies and requirements in ASP.NET Core

    This post is the next in a series of posts on the authentication and authorisation infrastructure in ASP.NET Core . In the previous post we showed the basic framework for authorisation in ASP.NET Core i.e. restricting access to parts of your application depending on the current authenticated user.…
    on ASP.NET Core Auth Security - Comments

  6. Introduction to Authorisation in ASP.NET Core

    This is the next in series of posts about authentication and authorisation in ASP.NET Core. In the first post we introduced authentication in ASP.NET Core at a high level, introducing the concept of claims-based authentication. In the next two post, we looked in greater depth at the Cookie…
    on ASP.NET Core Security Auth - Comments