This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

CRV2 SSL-TLS

From OWASP
Revision as of 11:07, 1 August 2013 by EoinKeary (talk | contribs) (Created page with "'''Ensuring SSL with MVC.NET''' When reviewing MVC .NET is is important to make suer the application transmitts and recieved over a secure link. It is not recommended to only ...")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Ensuring SSL with MVC.NET When reviewing MVC .NET is is important to make suer the application transmitts and recieved over a secure link. It is not recommended to only have the login pages over SSL and then default to clear. We also need to protect our session cookie as it is pretty much as useful as a users credentials. 

   public static void RegisterGlobalFilters(GlobalFilterCollection filters)
   {
       ......
       ......
       filters.Add(new RequireHttpsAttribute());    
   }


In the global.asax file we can review the RegisterGlobalFilters method. The attribute RequireHttpsAttribute() can be used to make sure the application runs over SSL/TLS It is recommended that this is enabled for SSL/TLS sites.

Retrieved from "https://wiki.owasp.org/index.php?title=CRV2_SSL-TLS&oldid=156320"