the jackol's den » asp.net http://www.thejackol.com 01100010 01101100 01100101 01101000 Wed, 28 Dec 2011 03:40:08 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 Prevent One Click Attacks by setting ViewStateUserKey in ASP.NET applications http://www.thejackol.com/2009/09/14/prevent-one-click-attacks-by-setting-viewstateuserkey-in-asp-net-applications/ http://www.thejackol.com/2009/09/14/prevent-one-click-attacks-by-setting-viewstateuserkey-in-asp-net-applications/#comments Sun, 13 Sep 2009 20:11:08 +0000 Mikhail Esteves http://www.thejackol.com/?p=633 Here’s an easy way to avoid One Click Attacks in ASP.NET applications. If you have a Base class that all your ASP.NET pages derive from, override the OnInit function. For example:

protected override void OnInit(EventArgs e)
{
    base.OnInit(e);

    if (User.Identity.IsAuthenticated)
        ViewStateUserKey = User.Identity.Name;
}

If you don’t have a base class defined, you would have to put the above code in every ASP.NET page.

]]> http://www.thejackol.com/2009/09/14/prevent-one-click-attacks-by-setting-viewstateuserkey-in-asp-net-applications/feed/ 0