How to mitigate replay attacks for ASP.Net application?

Time: 09-19

We use OAuth2 authentication with Okta for our Classic ASP.Net MVC website. After the user logs out of the application, he can "replay" an old request with all of the original cookies and still get access to the website. How can I prevent this security hole?

I have successfully developed a custom ITicketStore for my ASP.Net Core websites to solve this problem (similar to https://ml-software.ch/posts/implementing-a-custom-iticketstore-for-asp-net-core-identity), but I cannot find a similar concept to ITicketStore for Classic ASP.Net applications.

CodePudding user response:

It turns out that there is an equivalent to ITicketStore in Owin, which is called IAuthenticationSessionStore. You can find an example at: https://rhastastudio.wordpress.com/2016/07/19/owin-authentication-and-session-store/
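The approach the answer points to, as an added example that is not from the answer or the linked post: an `IAuthenticationSessionStore` for the OWIN cookie middleware (`Microsoft.Owin.Security.Cookies`) that keeps the authentication ticket server side and hands the browser only an opaque key. Sign-out removes the key, so a replayed cookie no longer resolves to a ticket. It assumes a single server and an in-memory dictionary; a web farm would need a shared backing store.

```csharp
using System;
using System.Collections.Concurrent;
using System.Threading.Tasks;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Owin;

// Server-side ticket store: the cookie carries only an opaque key and the ticket stays here,
// so removing the key at sign-out invalidates any replayed copy of the cookie.
public class InMemoryAuthSessionStore : IAuthenticationSessionStore
{
    // Assumption: single server. Replace with a database or distributed cache for a farm.
    private readonly ConcurrentDictionary<string, AuthenticationTicket> _tickets =
        new ConcurrentDictionary<string, AuthenticationTicket>();
    public Task<string> StoreAsync(AuthenticationTicket ticket)
    {
        string key = Guid.NewGuid().ToString("N"); // unguessable; the client never sees the ticket
        _tickets[key] = ticket;
        return Task.FromResult(key);
    }
    public Task RenewAsync(string key, AuthenticationTicket ticket)
    {
        _tickets[key] = ticket; // sliding expiration re-issues the ticket under the same key
        return Task.FromResult(0);
    }
    public Task<AuthenticationTicket> RetrieveAsync(string key)
    {
        AuthenticationTicket ticket;
        _tickets.TryGetValue(key, out ticket);
        return Task.FromResult(ticket); // null => middleware treats the request as anonymous
    }
    public Task RemoveAsync(string key)
    {
        AuthenticationTicket removed;
        _tickets.TryRemove(key, out removed); // invoked by the middleware on SignOut
        return Task.FromResult(0);
    }
}

public partial class Startup
{
    public void ConfigureAuth(IAppBuilder app)
    {
        // Assumption: the Okta OpenID Connect middleware is registered after this, as before
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
            SessionStore = new InMemoryAuthSessionStore()
        });
    }
}
```

Logging out through `HttpContext.GetOwinContext().Authentication.SignOut(CookieAuthenticationDefaults.AuthenticationType)` makes the middleware call `RemoveAsync`, after which any request carrying the old cookie is unauthenticated.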
