Giter Site home page Giter Site logo

asp.net-security's Introduction

ASP.NET-Security

For Asp.NEt Security

Web.Config

Custom-Error

How to implement custom error page in asp.net website?

<system.web>
    <compilation debug="false" targetFramework="4.6.1"/>
    <httpCookies requireSSL="true" />
    <customErrors mode="On" defaultRedirect="~/error.aspx">
      <error statusCode="400" redirect="~/error.aspx" />
      <error statusCode="401" redirect="~/error.aspx" />
      <error statusCode="403" redirect="~/error.aspx" />
      <error statusCode="404" redirect="~/error.aspx" />
      <error statusCode="408" redirect="~/error.aspx" />
      <error statusCode="500" redirect="~/error.aspx" />
      <error statusCode="503" redirect="~/error.aspx" />
    </customErrors>
</system.web>

Alternative

<!--<httpErrors errorMode="Custom">
    <remove statusCode="401" subStatusCode="-1" />
    <remove statusCode="403" subStatusCode="-1" />
    <remove statusCode="404" subStatusCode="-1" />
    <remove statusCode="500" subStatusCode="-1" />
    --><!-- full url when responsemode is Redirect --><!--
    <error statusCode="401" path="/Error.aspx" responseMode="Redirect" />
    --><!--local relative path when responsemode is ExecuteURL--><!--
    <error statusCode="403" path="/Error.aspx" responseMode="Redirect" />
    <error statusCode="404" path="/Error.aspx" responseMode="Redirect" />
    <error statusCode="500" path="/Error.aspx" responseMode="ExecuteURL" />
        </httpErrors>-->
  <httpErrors existingResponse="PassThrough">
  <error statusCode="400" path="~/error.aspx" responseMode="File"/>
  <error statusCode="401" path="~/error.aspx" responseMode="File"/>
  <error statusCode="404" path="~/error.aspx" responseMode="File"/>
  <error statusCode="500" path="~/error.aspx" responseMode="File"/>
  </httpErrors>

Disable-Methods

How to disable dangerous HTTP Methods in ASP?

<system.webServer>
    <security>
      <requestFiltering>
        <verbs>
          <add verb="OPTIONS" allowed="false" />
          <add verb="TRACE" allowed="false" />
           <add verb="PUT" allowed="false" />
	   <add verb="DELETE" allowed="false" />
        </verbs>
      </requestFiltering>
    </security>
</system.webServer>

Custom-Headers

How to Implement Security Headers in asp?

<configuration>
   <system.webServer>
      <httpProtocol>
         <customHeaders>
            <add name="X-Frame-options" value="MyCustomValue" />
			<add name="X-XSS-Protection" value="1; mode=block" />
			<add name="X-Content-Type-Options" value="nosniff" />
			<add name="X-Frame-Options" value="sameorigin" />
			<add name="X-Custom-Name" value="MyCustomValue" />
         </customHeaders>
      </httpProtocol>
   </system.webServer>
</configuration>

Encrpt-Viewstate

How to Encrypt Viewstate in Asp?

<system.web> 
	<pages viewStateEncryptionMode="Always" /> 
</system.web>

asp.net-security's People

Contributors

miracl3xt avatar

Stargazers

avatar

Watchers

avatar

Forkers

effortlessdevsec

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.