GSRF sample core project in asp.net with c# - security

I want to prevent CSRF in my website. i need sample working project in core asp.net with c#. please share if anybody having or give suggestion how to do that as soon as possible.
Thanks in advance

ARMOR is an anti-CSRF library, written in C#, designed to repel CSRF attacks targeting ASP.NET applications. Here is a tutorial on the subject, and here is the GitHub repo. Getting up-and-running is simply a matter of
Applying the necessary configuration settings
Adding Fortification Filters to the ASP.NET bootstrapper
Decorating your endpoints with ARMOR attributes
Dropping the included JavaScript on your UI
Disclaimer: I designed and built ARMOR, and the Encrypted Token Pattern. I’m happy to help you with your implementation.

Related

Any advantage in removing ASP.NET references from a web api project?

We have a ASP.NET Web Api project.
A colleague has removed the Microsoft.AspNET references.
We use IIS web hosting.
I would like to use swagger as api help replacement.
But Swagger or the .NET package Swashbuckle/Swagger comes in the CORE with Microsoft asp.net dependencies.
My colleague said we can not use this swagger.
I would like to know what the real problem is (colleague does not really say...) or what the advantage is of a decoupled web api project with asp.net dependecies?
I mean we host on IIS...
I would like to know what the real problem is (colleague does not
really say...)
Not code but, I think this is the first problem. Try to get your "colleague" to explain "why" it's better. (Not just cool code, but also mem/cpu footprint, team-capability-of-take-over, future path, etc.) Good code is maintainable by any qualified developer, not extremely complex and 'understood by only the one'.
what the advantage is of a decoupled web api project with asp.net
dependecies?
Decoupling is a good thing. First, "if you don't use it, don't reference it". To many projects end up having completely useless coupled libraries. Why? Because the "new project" template had them when the project was first created!
In the specific case of Asp.Net core libraries: The current Asp.Net is old, and a new version is on the way. One that will consolidate the knowledge and techniques of "Asp.Net, MVC, WebAPI, OData, OAuth, etc, etc). https://msdn.microsoft.com/en-us/magazine/dn913182.aspx
This means breaking changes are coming.
Not being coupled to the core libraries that are going to change seems like a good idea. If you want to move to this next version you'll have a lot less problems if you're not relying on 'old Asp.Net' functionality.
My colleague said we can not use this swagger.
I think the better way of saying it is; "We will not use anything that tightly couples us to Asp.Net core libraries again since we're decoupling from it".

Is there an equivalent of the TokenHelper class written in Java for Sharepoint 2013 OAuth Authentication

I'm trying to use the following guide to authenticate my (java) app to an internally hosted Sharepoint 2013 site: https://msdn.microsoft.com/en-us/library/jj687470.aspx
I've already registered the app and have the client ID and secret. Unfortunately, this method relies heavily on TokenHelper.cs (or .vb), but I'm unable to find a java equivalent that either Microsoft or a 3rd party developer has written.
Any help pointing me in the right direction would be appreciated!
Use the Active Directory Authentication Library. Instructions and libraries are available here.
Personally I have used the Android library, and I can say that it works like a charm.

Missing Authentication Request/Response POCOs in ServiceStack Clients

After reading a lot about ServiceStack, I think it's such a beautiful work of art and I decided to use it for our upcoming Xamarin iOS App.
The problem currently is that after installing the ServiceStack.Client for Xamarin.iOS, I can't find the Request/Response DTOs (i.e POCOs) that are used for registration or authentication given that I have enabled the Authentication and Registration Plugins in the service host.
After digging into the source code, I found those Request/Response DTOs to reside in ServiceStack assembly which is a huge dependency and I don't think I can include it in our iOS App.
is there a way around that ? shouldn't these DTOs be shipped as well with the ServiceStack clients themselves under maybe ServiceStack.Client.Auth ?
Thanks
Sorry, I guess I found them already available inside ServiceStack.Client .. what confused me is that I took some sample code from the C# client wiki and the DTOs were named differently and not available .. Thanks –

Monotouch consuming ASP.NET Web Api

I have a Monotouch project that today uses WCF Web Services to get data. Now I want to migrate it in order to start using ASP.NET Web Api Json.
Does anyone know how can I send a viewmodel data from a ASP.NET Web Api and then read it in monotouch?
Thanks for the help in advance.
I think you should read this Xamarin article.
In general, Web API is just standard HTTP passing either XML or JSON back and forth. There is not necessarily a client framework accessing it--you can consume it with raw HttpWebRequests or the equivalent in whichever programming language you are using.
Considering that, your options are:
Use an open-source library to do it (something like RestSharp)
Create the HttpWebRequest calls, and format the XML or JSON for the requests and responses yourself (you can use the .Net BCL to do this or other open source projects)
I tend to do the former, just because I like fine grained control of what is going on. #1 might be easier for you though.

Basic and Digest Access Authentication with Java

I am developing a web application with Spring. I have read about basic and digest authentication fundamentals. However how can I implement it with Java, is there any code example or is there any framework does it form me?
Here is an example with commons http client library...
Since you're already using Spring…
Spring Security implements these things, and its manual is a good place to start reading about it.

Resources