Software and web application security

September 30, 2006

ViewStateUserKey to prevent XSRF (CSRF or cross-site request forgery) in ASP.NET

Filed under: security, web apps — chrisweber @ 1:59 pm

ViewStateUserKey has been around for many years and is an easy solution to prevent the infamous XSRF or cross-site request forgery class of attack.

It’s documented:

http://msdn2.microsoft.com/en-us/library/system.web.ui.page.viewstateuserkey.aspx

ViewStateUserKey mitigates XSRF by including a unique identifier in the user’s request.

This protection mechanism has been available for many years, ever since Microsoft identified the one-click attack, now more commonly referred to as XSRF.
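One way to apply the property site-wide, as an added example that is not part of the original post: a base page that binds ViewState to the current session. The class name `CsrfProtectedPage` and the session slot `__SessionPinned` are hypothetical, and the code assumes session state is enabled for the application.

```csharp
using System;
using System.Web.UI;

// Hypothetical base class: have every code-behind inherit from it
// instead of inheriting from System.Web.UI.Page directly.
public class CsrfProtectedPage : Page
{
    // Hypothetical session slot, used only to make the session ID stable.
    private const string SessionPinKey = "__SessionPinned";

    protected override void OnInit(EventArgs e)
    {
        base.OnInit(e);

        // ViewStateUserKey is mixed into the ViewState MAC, so it only
        // helps while MAC validation is on. Fail closed if a page or
        // web.config has switched it off.
        if (!EnableViewStateMac)
        {
            throw new InvalidOperationException(
                "ViewState MAC is disabled; ViewStateUserKey has no effect.");
        }

        // With cookie-based session state, ASP.NET hands out a new
        // SessionID on every request until something is stored in the
        // session. Store a marker so the ID (and therefore the key) is
        // the same on the request that renders the form and on the
        // postback that submits it.
        if (Session[SessionPinKey] == null)
        {
            Session[SessionPinKey] = true;
        }

        // Must be assigned during Init; assigning it later in the page
        // life cycle throws an exception.
        ViewStateUserKey = Session.SessionID;
    }
}
```

The key only covers postbacks that carry ViewState. A handler that changes state on a plain GET, or on a page with ViewState disabled, is not protected by it.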

10 Comments »

  1. I just like the helpful info you supply in your articles.
    I will bookmark your weblog and test again right here frequently.
    I’m reasonably certain I will learn a lot of new stuff right here! Best of luck for the following!

    Comment by for your eyes only james bond theme — October 5, 2012 @ 3:24 pm

  2. Pretty! This was a really wonderful article. Thank you for
    supplying this information.

    Comment by rid black skin — February 8, 2013 @ 6:52 pm

  3. I’m not sure exactly why but this blog is loading extremely slow for me. Is anyone else having this issue or is it a problem on my end? I’ll check back
    later and see if the problem still exists.

    Comment by woodworking — March 21, 2013 @ 11:08 pm

  4. How could I do this on a Mac?

    Comment by xerox phaser 8560 printer — April 11, 2013 @ 12:37 pm

  5. I like the helpful information you provide in your articles.

    I will bookmark your weblog and check again here regularly.
    I’m quite certain I’ll learn lots of new stuff right here!
    Best of luck for the next!

    Comment by weight loss tips — April 23, 2013 @ 4:28 pm

  6. This condition requires special care to
    combat the issue successfully. MMJ is carrying long history of medicinal usage
    as the fluid extracts provided as Medical Marijuana is highly used as a medication for
    various therapies as well. These are all contained in a
    membrane within the cartridge to suspend the ingredients and keep blu fresh while stored.

    Comment by portable vaporizer — July 22, 2013 @ 1:21 am

  7. Any herb vaporizer will be significantly safer to use than even water-filtered pipes like hookahs.
    Want e-mail updates on Howard Stern related stories.
    Many individuals often call vaporizer as smoke sticks.

    Comment by best portable vaporizer — August 2, 2013 @ 10:26 am

  8. In addition, as a CNA, you will be earning money and gaining valuable
    experience along the way. Or will you decide to go even further than these two career options.

    If you are looking to add another qualification to your resume here is an excellent opportunity for you to gain basic business and negotiation skills
    from TWZ Enterprises.

    Comment by how to become a cna — August 6, 2013 @ 6:52 am

  9. Truly no matter if someone doesn’t know then it’s up to
    other viewers that they will assist, so here it takes place.

    Comment by inground swimming pool covers — January 16, 2014 @ 11:06 pm

  10. It’s not my first time to go to see this web site, I am visiting
    this web page daily and obtain nice data from here every day.

    Comment by شركة مكافحة حشرات النمل الابيض بالدمام — May 16, 2014 @ 2:50 am

