How could ASP.NET forms authentication session leak into a different site?

We’re dealing with a vulnerability where a forms authentication from one site can be used within a separate site. I can’t figure out how is IIS or ASP.NET allowing this to occur

Steps:

  1. Login to site1.domain.com as user “admin”
  2. Save authetication cookie value
  3. Go to site2.domain.com and use “EditThisCookie” extension to create a matching authentication cookie from step 2
  4. Submit that to bypass site2’s authentication using site1’s cookie (Logged in as “admin” on site2. Confirmed that I’m looking at site2’s data – not some kind of alias of site1)

Environment:

  • 1 IIS Server (Windows 2016)
  • 2 ASP.NET4 sites (site1.domain.com and site2.domain.com)
  • site1 cookie name is SITE1_AUTH, and site2 cookie name is SITE2_AUTH
  • using inproc session storage
  • using separate application pools for site1 and site2
  • cookies specify full domain ex: site1.domain.com (not domain.com)
  • In the code it’s using FormsAuthentication.SetAuthCookie()
  • site1 and site2 have same user user1

I created a dummy test code to try to reproduce this issue using the relevant ASP.NET authentication code and web.config. I can’t reproduce it in the dummy code though. It only works in the actual (large) application. For that reason I can’t share the relevant source code, so I would be able to accept any hints for further exploration as a solution.

ASP.NET CORE validate is not a function – manual validate trigger

I have a simple asp.net core app generated from asp.net core MVC template. Scaffolded some controllers and views and I was good to go.

I have tested validation with jquery validate unobtrusive. When I use attributes in my models like [Required] everything works, the form is not submitted unless there is everything according to validation rules.

However, on a different page, I need to trigger validation manually. Both functions valid() and validate() throws

typeError validate() is ont a function

However when I go var pas = $ ('form')[3] and call pas.jQuery331028614785259688062.unobtrusiveValidation.validate()

validation is triggered properly and displays a validation message. Problem is that this long jQuery string is every time different, therefore I cannot accept using just this string every time as this changes.

I have checked my scripts jquery validate is referenced properly, after jquery and validation scripts are initialized through @{await Html.RenderPartialAsync("_ValidationScriptsPartial");}

Any ideas?

Authorization using Entity Framework in ASP.NET MVC


1. Backstory

I recently starting programming and I found out that Entity Framework works perfect for my small-sized applications due its simplicity.

I’ve made my custom authorize attribute for MVC controllers and controller methods to check if the current user has a certain role (which is an enum type in my case).

The following code represents my authorize attribute:

public class HasRoleAttribute : ActionFilterAttribute {     private Role _role;      public HasRoleAttribute(Role role)     {         this._role = role;     }      public override void OnActionExecuting(ActionExecutingContext filterContext)     {         var context = new FactoryManagementContext();          var userName = filterContext.HttpContext.User.Identity.Name;         var user = context.Users.FirstOrDefault(item => item.UserName == userName);                var hasRole = user.Role == _role;          if (user == null || !hasRole)         {             // If this user does not have the             // required permission then redirect to login page             var url = new UrlHelper(filterContext.RequestContext);             var loginUrl = url.Content("/Account/Login");             filterContext.HttpContext.Response.Redirect(loginUrl, true);         }     } }  public enum Role  {     Engineer,     Manager,     Admin } 

2. Question

It works as a charm, but I have only one question: is it necessary to initialize the database context every single time when authorizing a user?

How to retrieve value from a view going to a controller using AJAX in ASP.Net MVC?

I have a hard time passing the value of a string entered in the textbox going to the controller using AJAX.

I’ve tried this one but it didn’t work.

    <input type="text" name="refID" id="refID"><br />     <button type="button" class="submit">Submit</button>  $  (document).ready(function () {         $  (".submit").click(function () {             alert("hahaha");             $  .ajax({                  type: 'GET',                 url: '@Url.Action("TransactionVerification", "Dashboard")',                 data: {                     RefID: $  ("#refID").val()                     },                 success: function (response) {                     $  (".content").html(response);                 },                 error: function () {                     alert("Problem on uploading file");                 }              });          });       });  

The Controller

 public async Task<ActionResult> TransactionVerification(String RefId)         { //some code }  

When I debug the value of the RefId in the controller is always null.

Guardar la suma de ASP.net en la base de datos

Hola yo tengo una suma en asp.net asi:

protected void Button1_Click(object sender, EventArgs e)         {             double a = Convert.ToDouble(Numero1.Text);             double b = Convert.ToDouble(Numero2.Text);             double resultadosum = a + b;             Resultado.Text = resultadosum.ToString();         } 

y la vista de la suma esta hecha en aspx necesito el resultado de la suma guardarlo en una base de datos, ya cree la base de datos y tambien añadí el modelo en asp.

Gracias