
Implement secure ASP.NET MVC applications

21 Jul 2014, CPOL, 37 min read
This article discusses various aspects of ASP.NET MVC security and shows some tips to implement these elements in your applications.
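using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using Microsoft.Security.Application;

namespace SecurityFilters
{
    // Action filter that runs string action parameters through the AntiXSS
    // HTML sanitizer before the action method executes.
    public class EncodingFilter : FilterAttribute, IActionFilter
    {
        public void OnActionExecuting(ActionExecutingContext filterContext)
        {
            // Only act on actions that carry a ValidateInputAttribute.
            if (filterContext.ActionDescriptor.GetCustomAttributes(typeof(ValidateInputAttribute), true).Length == 1)
            {
                // Iterate over a snapshot of the keys: assigning to ActionParameters
                // inside a foreach over it throws InvalidOperationException.
                foreach (var key in filterContext.ActionParameters.Keys.ToList())
                {
                    // Sanitize string values only. Null values are skipped, and
                    // non-string parameters keep their bound type.
                    var value = filterContext.ActionParameters[key] as string;
                    if (value != null)
                    {
                        filterContext.ActionParameters[key] = Sanitizer.GetSafeHtmlFragment(value);
                    }
                }
            }
        }

        public void OnActionExecuted(ActionExecutedContext filterContext)
        {
            // Nothing to do after the action has run.
        }
    }
}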


License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


Written By
Program Manager, Microsoft
Serbia
Graduated from the Faculty of Electrical Engineering, Department of Computer Techniques and Informatics, University of Belgrade, Serbia.
Currently working at Microsoft as a Program Manager on the SQL Server product.
Member of the jQuery community - created a few popular plugins (four popular jQuery DataTables add-ins and the loadJSON template engine).
Interests: Web and databases, software engineering process (estimation and standardization), mobile and business intelligence platforms.
