none
asp.net replay attacks and forms auth RRS feed

  • Question

  • sorry I cant find asp.net forum so Im posting here

    Hi,

    Im using asp.net 4.7 mvc 5. Im looking into remediation of replay attacks, my website is on a web farm across a couple web servers, I am using forms authentication. I am looking into a nonce solution but this is not a silver bullet solution. I would prefer not to store one time use tokens in the database and also feel it is an anit-pattern to store non static tokens in session or cache. I am looking for any solution you might have developed for customers. I understand that the inbuilt forms auth membership is already hitting the database, is there any version of the forms auth library that will do such a thing so then at least Im not double hitting the database.

    thanks

    • Moved by CoolDadTx Wednesday, August 21, 2019 1:42 PM ASP.NET related
    Saturday, August 17, 2019 8:17 AM

All replies

  • Hello,

    Use the following site for this question, there are several sub-forums that can assist.

    https://forums.asp.net/


    Please remember to mark the replies as answers if they help and unmarked them if they provide no help, this will help others who are looking for solutions to the same or similar problem. Contact via my Twitter (Karen Payne) or Facebook (Karen Payne) via my MSDN profile but will not answer coding question on either.

    NuGet BaseConnectionLibrary for database connections.

    StackOverFlow
    profile for Karen Payne on Stack Exchange

    Saturday, August 17, 2019 1:35 PM
    Moderator
  • Hi deanvanrooyen,

    Thank you for posting here.

    You could find asp.net forum here.

    The Visual C# forum discusses and asks questions about the C# programming language, IDE, libraries, samples, and tools.

    Best Regards,

    Jack


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Wednesday, August 21, 2019 8:20 AM