Miracl3xt/ASP.NET-Security

Folders and files

Name		Name	Last commit message	Last commit date
Latest commit History 12 Commits
README.md		README.md

Repository files navigation

ASP.NET-Security

For Asp.NEt Security

Web.Config

Custom Error Page
Disabling TRACE,OPTIONS Method
ADD Custom Headers
Encrypt Viewstate

Custom-Error

How to implement custom error page in asp.net website?

<system.web>
 <compilation debug="false" targetFramework="4.6.1"/>
 <httpCookies requireSSL="true" />
 <customErrors mode="On" defaultRedirect="~/error.aspx">
 <error statusCode="400" redirect="~/error.aspx" />
 <error statusCode="401" redirect="~/error.aspx" />
 <error statusCode="403" redirect="~/error.aspx" />
 <error statusCode="404" redirect="~/error.aspx" />
 <error statusCode="408" redirect="~/error.aspx" />
 <error statusCode="500" redirect="~/error.aspx" />
 <error statusCode="503" redirect="~/error.aspx" />
 </customErrors>
</system.web>

Alternative

<!--<httpErrors errorMode="Custom">
 <remove statusCode="401" subStatusCode="-1" />
 <remove statusCode="403" subStatusCode="-1" />
 <remove statusCode="404" subStatusCode="-1" />
 <remove statusCode="500" subStatusCode="-1" />
 --><!-- full url when responsemode is Redirect --><!--
 <error statusCode="401" path="/Error.aspx" responseMode="Redirect" />
 --><!--local relative path when responsemode is ExecuteURL--><!--
 <error statusCode="403" path="/Error.aspx" responseMode="Redirect" />
 <error statusCode="404" path="/Error.aspx" responseMode="Redirect" />
 <error statusCode="500" path="/Error.aspx" responseMode="ExecuteURL" />
 </httpErrors>-->
 <httpErrors existingResponse="PassThrough">
 <error statusCode="400" path="~/error.aspx" responseMode="File"/>
 <error statusCode="401" path="~/error.aspx" responseMode="File"/>
 <error statusCode="404" path="~/error.aspx" responseMode="File"/>
 <error statusCode="500" path="~/error.aspx" responseMode="File"/>
 </httpErrors>

Disable-Methods

How to disable dangerous HTTP Methods in ASP?

<system.webServer>
 <security>
 <requestFiltering>
 <verbs>
 <add verb="OPTIONS" allowed="false" />
 <add verb="TRACE" allowed="false" />
 <add verb="PUT" allowed="false" />
	 <add verb="DELETE" allowed="false" />
 </verbs>
 </requestFiltering>
 </security>
</system.webServer>

Custom-Headers

How to Implement Security Headers in asp?

<configuration>
 <system.webServer>
 <httpProtocol>
 <customHeaders>
 <add name="X-Frame-options" value="MyCustomValue" />
			<add name="X-XSS-Protection" value="1; mode=block" />
			<add name="X-Content-Type-Options" value="nosniff" />
			<add name="X-Frame-Options" value="sameorigin" />
			<add name="X-Custom-Name" value="MyCustomValue" />
 </customHeaders>
 </httpProtocol>
 </system.webServer>
</configuration>

Encrpt-Viewstate

How to Encrypt Viewstate in Asp?

<system.web> 
	<pages viewStateEncryptionMode="Always" /> 
</system.web>

About

For ASP.net Security

Releases

No releases published

Packages

No packages published

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Miracl3xt/ASP.NET-Security

Folders and files

Latest commit

History

Repository files navigation

ASP.NET-Security

Web.Config

Custom-Error

Disable-Methods

Custom-Headers

Encrpt-Viewstate

About

Topics

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages

Uh oh!

Miracl3xt/ASP.NET-Security

Folders and files

Latest commit

History

Repository files navigation

ASP.NET-Security

Web.Config

Custom-Error

Disable-Methods

Custom-Headers

Encrpt-Viewstate

About

Topics

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Packages