Prevent One Click Attacks by setting ViewStateUserKey in ASP.NET applications

Here’s an easy way to avoid One Click Attacks in ASP.NET applications. If you have a Base class that all your ASP.NET pages derive from, override the OnInit function. For example:

protected override void OnInit(EventArgs e)
{
    base.OnInit(e);

    if (User.Identity.IsAuthenticated)
        ViewStateUserKey = User.Identity.Name;
}

If you don’t have a base class defined, you would have to put the above code in every ASP.NET page.

By Mikhail Esteves | September 14th, 2009 in C#/.NET, Tips | tags: asp.net, c#, Tips

the jackol’s den01100010 01101100 01100101 01101000

Prevent One Click Attacks by setting ViewStateUserKey in ASP.NET applications

Leave a comment

Photography

Projects

Categories

Archive