I have found a security issue on my ASP.NET WebForms application (ASP.NET website). How do I fix this issue?

No Anti-CSRF tokens were found in a HTML submission form.

A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.

CSRF attacks are effective in a number of situations, including:

* The victim has an active session on the target site.

* The victim is authenticated via HTTP auth on the target site.

* The victim is on the same local network as the target site.

CSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.

What I have tried:

I am trying to create a token, but I have 1000 web pages in the application. Is there any global solution?
Updated 9-Sep-19 1:48am
Comments
F-ES Sitecore 9-Sep-19 4:38am
   
Webforms or MVC?
NagaRaju Pesarlanka 9-Sep-19 5:29am
   
Webforms(Plain asp.net website)

1 solution


Solution 1

Probably the easiest way to do this would be to add it in via the ViewState collection as opposed to a separate input element. You can read through the information here and its linked MS documents to figure out the best implementation for you:
Anti CSRF Tokens ASP.NET - OWASP

You may also want to read through this if you do not want to do this via ViewState; the very basics are included, so you would know the portions that are needed in a standalone form:
Anti-CSRF Tokens in ASP.NET Web-Forms Application | The ASP.NET Forums
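
One way to cover every page without editing each of them, as an added example that is not part of the original answer or the linked documents: an HTTP module that keys `ViewStateUserKey` to a random per-browser cookie and also emits and checks a hidden form field. The class name `AntiCsrfModule`, the `__AntiXsrfToken` name and the web.config registration shown in the comment are assumptions.

```csharp
// Added example; AntiCsrfModule and "__AntiXsrfToken" are assumed names.
// Register once in web.config so every .aspx page is covered:
//   <system.webServer><modules>
//     <add name="AntiCsrfModule" type="AntiCsrfModule" />
//   </modules></system.webServer>
using System;
using System.Security.Cryptography;
using System.Web;
using System.Web.UI;

public sealed class AntiCsrfModule : IHttpModule
{
    private const string TokenKey = "__AntiXsrfToken";

    public void Init(HttpApplication app)
    {
        // Fires for every request; attach only to WebForms pages, before Page.Init runs.
        app.PreRequestHandlerExecute += (s, e) =>
        {
            var page = ((HttpApplication)s).Context.Handler as Page;
            if (page != null) page.Init += OnPageInit;
        };
    }

    private static void OnPageInit(object sender, EventArgs e)
    {
        var page = (Page)sender;
        HttpCookie cookie = page.Request.Cookies[TokenKey];
        string token = cookie != null ? cookie.Value : null;
        bool issued = false;
        if (string.IsNullOrEmpty(token) || token.Length != 64)
        {
            // No usable token from this browser yet: issue a random one.
            var bytes = new byte[32];
            using (var rng = new RNGCryptoServiceProvider()) rng.GetBytes(bytes);
            token = BitConverter.ToString(bytes).Replace("-", "");
            page.Response.Cookies.Set(new HttpCookie(TokenKey, token)
                { HttpOnly = true, Secure = page.Request.IsSecureConnection });
            issued = true;
        }
        // Keys the ViewState MAC to this browser's token, so ViewState
        // generated for another browser fails validation on postback.
        page.ViewStateUserKey = token;
        // Explicit per-form token, compared with the cookie on every POST.
        page.ClientScript.RegisterHiddenField(TokenKey, token);
        if (page.Request.HttpMethod == "POST" && (issued ||
            !string.Equals(page.Request.Form[TokenKey], token, StringComparison.Ordinal)))
            throw new HttpException(403, "Anti-CSRF token validation failed.");
    }

    public void Dispose() { }
}
```

The check runs only on POST requests, so pages that change state in response to a GET are not covered by it.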
   

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)