I encountered an AJAX request authorization failure that caused a bad user experience. I had clicked a button that requires an AJAX response in my ASP.NET MVC application, which had already timed out. Below is the way to handle it properly without getting any bugs.
I have created an OnAuthorizationModule action filter that checks each action to determine which pipeline to follow. If IsAjaxRequest is true, it throws an HttpException; otherwise it redirects to an error page.
The jQuery global error handler receives the exception and displays an error message accordingly.
How do you develop a responsive site whose size can be adjusted while the display still maintains its sequence and order, showing a meaningful page without running out of order?
Basically, you just have to add an attribute to the style of the div tags. For the main div, add display:inline-block to its style, while the divs inside the main div need float:left in their style. All the UI controls, images and words are placed in div tags.
I’m just trying to do a simple survey to see where I can improve to make my blog a better one. I welcome any comments, whether good, bad or constructive criticism; please post them below in the reply section. It would be better to specify which area can be improved. Thanks. 🙂
Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated. CSRF attacks specifically target state-changing requests, not theft of data, since the attacker has no way to see the response to the forged request. With a little help of social engineering (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker’s choosing. If the victim is a normal user, a successful CSRF attack can force the user to perform state changing requests like transferring funds, changing their email address, and so forth. If the victim is an administrative account, CSRF can compromise the entire web application.
Using a secret cookie
Remember that all cookies, even the secret ones, will be submitted with every request. All authentication tokens will be submitted regardless of whether or not the end-user was tricked into submitting the request. Furthermore, session identifiers are simply used by the application container to associate the request with a specific session object. The session identifier does not verify that the end-user intended to submit the request.
Only accepting POST requests
A number of flawed ideas for defending against CSRF attacks have been developed over time. Here are a few that we recommend you avoid. To read more about it
500 – The required anti-forgery form field “__RequestVerificationToken” is not present.
This means that the token could not be posted back to the controller to be verified; the token was missing. Check the postback side to see why the token is not being posted back. The package header would be the place to check, using the browser developer tools.
The required anti-forgery cookie “__RequestVerificationToken” is not present.
The View (form) may be missing @Html.AntiForgeryToken(). If the page is not generated from the same server, the page will get rejected.
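As an added example (not code from the original post), the following JavaScript checks a request copied from the browser developer tools for the two conditions behind the errors above. The function names and sample requests are constructed for illustration, and it assumes the cookie and the form field both use the name shown in the error messages.

```javascript
// Added example, not from the original post: check a request copied from the
// browser developer tools for the two anti-forgery errors quoted above.
const TOKEN = "__RequestVerificationToken"; // name taken from the error messages

// Case-insensitive header lookup on a plain object.
function header(headers, name) {
  const key = Object.keys(headers).find(k => k.toLowerCase() === name.toLowerCase());
  return key === undefined ? "" : String(headers[key]);
}

// Parse "a=1; b=2" into a Map; values may themselves contain "=".
function parseCookies(value) {
  const jar = new Map();
  for (const part of value.split(";")) {
    const eq = part.indexOf("=");
    if (eq > 0) jar.set(part.slice(0, eq).trim(), part.slice(eq + 1).trim());
  }
  return jar;
}

// Extract the token form field from a urlencoded or multipart body.
function formToken(contentType, body) {
  const type = contentType.toLowerCase();
  if (type.startsWith("application/x-www-form-urlencoded")) {
    return new URLSearchParams(body).get(TOKEN) || "";
  }
  if (type.startsWith("multipart/form-data")) {
    const m = body.match(new RegExp('name="' + TOKEN + '"\\r?\\n\\r?\\n([^\\r\\n]+)'));
    return m ? m[1] : "";
  }
  return ""; // e.g. application/json: the body has no form fields at all
}

// Return which of the two checks the request would fail.
function diagnose(request) {
  const problems = [];
  const cookies = parseCookies(header(request.headers, "Cookie"));
  if (!cookies.get(TOKEN)) problems.push("anti-forgery cookie not present");
  const field = formToken(header(request.headers, "Content-Type"), request.body || "");
  if (!field) problems.push("anti-forgery form field not present");
  return problems;
}

// Constructed sample requests (token values are placeholders).
const jsonAjax = { headers: { "Content-Type": "application/json", cookie: TOKEN + "=COOKIE_TOKEN; sid=abc=" },
                   body: '{"amount":10}' };
const formPost = { headers: { "content-type": "application/x-www-form-urlencoded; charset=UTF-8",
                              Cookie: "sid=abc; " + TOKEN + "=COOKIE_TOKEN" },
                   body: "amount=10&" + TOKEN + "=FORM_TOKEN" };
const noCookie = { headers: { "Content-Type": "application/x-www-form-urlencoded" }, body: TOKEN + "=FORM_TOKEN" };
```

An AJAX call that sends a JSON body fails the form field check even though the cookie is present, which is the first error above; the form-encoded post that carries both passes.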
As I’m musing about what my new job is going to be like: how will the job be? How is the working environment? Are the people over there helpful? Can I survive? What is my strategy? The journey to the workplace is quite far too, and will this job affect my study? Is this the right time to move to a new company? It seems like more and more things are being added to my thoughts. I’m not sure what my future is. How do I proceed with my life, as I’m already nearly halfway through and things are getting tougher?