Securing ASP.NET Web Sites: Form Caching

What is “Form Caching Vulnerability”?

The Form Caching Vulnerability allows sensitive form fields to be cached and retrieved by another user on the same client.

CWE-525: Information Exposure Through Browser Caching

Securing ASP.NET Web Sites: Cookie Vulnerabilities

This is the first of my series on securing ASP.NET web sites. As I work through various vulnerabilities, I’ll document instructions for fellow web developers in hopes that we can help build more secure web applications. The Cookie Vulnerability falls under the common vulnerability name of “Broken Authentication and Session Management.”

What is “Broken Authentication and Session Management”?

This cookie vulnerability is OWASP 2010 A3. You can read more at Top 10 2010-A3-Broken Authentication and Session Management. This threat applies to application functions related to authentication and session management not implemented correctly, allowing attackers to compromise passwords, keys, session tokens, or exploit other implementation flaws to assume other users’ identities.

How to append options to CascadingDropDown after initially populated via AJAX Web Service

The setup: Microsoft ASP.NET and AJAX Control Toolkit components

I needed to add additional dropdown options to a DropDownList web control in use by the Ajax Control Toolkit CascadingDropDown ASP.NET AJAX extender. The CascadingDropDown provided a means to get an automatic population of a set of options called by the web service. This AJAX call also passes in the parent item, so that the list items cascade (show items related to the parent control).

An example could be 2 drop down lists: Automobile Make and Automobile Model. If the user selects “Ford” from the Automobile Make drop down list, then only Ford models are listed in the Automobile Model drop down list. If the user changes the Automobile Make to “Honda”, then the items in the Automobile Model list change to show only Honda models.

I needed a way to append an “All” option to the drop down list, but I didn’t want to automatically include “All” as a valid option in my Web Service. I wanted to append it on a specific form rather than as part of the data feed.

To start, you need to have a working set of CascadingDropDown web controls. I’m not going to explain that setup, because you need to figure that out before you can add additional elements.

Encrypting Sensitive Data in .NET Config Files

Encrypting your sensitive data in your web.config files is a simple process that can be done two different ways. The first way is to use a command prompt to execute a command and encrypt/decrypt the XML sections. The second way is to encrypt/decrypt programmatically from within your web site.

Things you need to know before starting:

  • Which system account does your ASP.NET web site run as?
    This is usually “NT Authority\Network Service” or “ASPNET” unless specifically configured otherwise.
  • The directory where aspnet_regiis.exe is located. The default installation path is %WINDIR%\Microsoft.NET\Framework\<versionNumber>\aspnet_regiis.exe. The last folder is the version of the Framework you are using (v2, v3, v4, etc.)
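The second (programmatic) route described above, as an added example that is not code from the post: it protects or unprotects a web.config section from inside the site, assuming the section is connectionStrings and the site root is "~"; the command-line form using the aspnet_regiis.exe path from the list is shown in the trailing comment.

```csharp
// Added example (not from the post): toggle encryption of a web.config section
// from inside the site. Assumes the section "connectionStrings" and root "~".
using System;
using System.Configuration;
using System.Web.Configuration;

public static class ConfigProtector
{
    // DPAPI provider: keys are bound to this machine, so an encrypted
    // web.config copied to another server cannot be decrypted there.
    // For a web farm use "RsaProtectedConfigurationProvider" and share the key.
    private const string Provider = "DataProtectionConfigurationProvider";

    // Returns true when the section is encrypted on disk afterwards.
    public static bool Protect(string sectionName, string appPath = "~")
    {
        Configuration config = WebConfigurationManager.OpenWebConfiguration(appPath);
        ConfigurationSection section = config.GetSection(sectionName);
        if (section == null)
            throw new ArgumentException("No such section: " + sectionName);

        if (!section.SectionInformation.IsProtected)
        {
            section.SectionInformation.ProtectSection(Provider);
            // Saving rewrites web.config, so the worker-process account
            // (first bullet above) needs write access to the file.
            config.Save(ConfigurationSaveMode.Modified);
        }
        return section.SectionInformation.IsProtected;
    }

    // Returns true when the section is plaintext on disk afterwards.
    public static bool Unprotect(string sectionName, string appPath = "~")
    {
        Configuration config = WebConfigurationManager.OpenWebConfiguration(appPath);
        ConfigurationSection section = config.GetSection(sectionName);
        if (section == null)
            throw new ArgumentException("No such section: " + sectionName);

        if (section.SectionInformation.IsProtected)
        {
            section.SectionInformation.UnprotectSection();
            config.Save(ConfigurationSaveMode.Modified);
        }
        return !section.SectionInformation.IsProtected;
    }
}
// Equivalent command-line form (run from the Framework folder listed above,
// "/MyApp" being the site's IIS virtual path):
//   aspnet_regiis -pe "connectionStrings" -app "/MyApp"   (encrypt)
//   aspnet_regiis -pd "connectionStrings" -app "/MyApp"   (decrypt)
```

Either way the running site reads the section transparently through ConfigurationManager, so application code does not change.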

