Home > Enterprise >  How to mitigate replay attacks for ASP.Net application?
How to mitigate replay attacks for ASP.Net application?

Time:09-19

We use Oauth2 authentication with Okta for our Classic ASP.Net MVC website. After the user logs out of the application, he can "replay" an old request with all of the original cookies and still get access to the website. How can I prevent this security hole?

I have successfully developed a custom ITicketStore for my ASP.Net Core websites to solve this problem (similar to https://ml-software.ch/posts/implementing-a-custom-iticketstore-for-asp-net-core-identity), but I cannot find a similar concept to ITicketStore for Classic ASP.Net applications.

CodePudding user response:

It turns out that there is an equivalent to ITicketStore in Owin, which is called IAuthenticationSessionStore. You can find an example at: https://rhastastudio.wordpress.com/2016/07/19/owin-authentication-and-session-store/

Page link:https//www.codepudding.com/Enterprise/549869.html

Prev:Serilog only log warnings, errors and critical
Next:DbSet.Where in EF fetching all the data
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding