ASP.NET MVC Tip #10 - Prevent URL Manipulation Attackshttp://weblogs.asp.net/stephenwalther/archive/2008/06/26/prevent-url-manipulation-attacks.aspxIn this tip, Stephen Walther explains how hackers can steal sensitive information from an ASP.NET MVC website by manipulating URLs. I also discuss how you can build unit tests to prevent this type of attack by mocking the ControllerContext.enCommunityServer 2007 SP1 (Build: 20510.895)re: ASP.NET MVC Tip #10 - Prevent URL Manipulation Attackshttp://weblogs.asp.net/stephenwalther/archive/2008/06/26/prevent-url-manipulation-attacks.aspx#6719345Tue, 04 Nov 2008 09:06:34 GMTc06e2b9d-981a-45b4-a55f-ab0d8bbfdc1c:6719345NelisNelis<p>How about always preventing a certain link? In case you only want to render that view as a result of a post on another page.</p> <p>I could imagine to not use RedirectToAction but to return View('&lt;name&gt;'). However, you get the F5/Refresh problem on the previous page in return.</p> <p>Furthermore, if the new page contains a FORM you still need an action that accepts the POST command.</p> <p>I'd like any thoughts on this subject</p> <p>Session state?</p> <p>ActionFilter?</p> <p>combination of those?</p> <p>something completely different?</p> <img src="http://weblogs.asp.net/aggbug.aspx?PostID=6719345" width="1" height="1">ASP.NET MVC Archived Blog Posts, Page 1http://weblogs.asp.net/stephenwalther/archive/2008/06/26/prevent-url-manipulation-attacks.aspx#6325716Fri, 27 Jun 2008 04:28:33 GMTc06e2b9d-981a-45b4-a55f-ab0d8bbfdc1c:6325716ASP.NET MVC Archived Blog Posts, Page 1ASP.NET MVC Archived Blog Posts, Page 1<p>Pingback from &nbsp;ASP.NET MVC Archived Blog Posts, Page 1</p> <img src="http://weblogs.asp.net/aggbug.aspx?PostID=6325716" width="1" height="1">ASP.NET MVC Tip #10 - Prevent URL Manipulation Attacks - Stephen Walther on ASP.NET MVChttp://weblogs.asp.net/stephenwalther/archive/2008/06/26/prevent-url-manipulation-attacks.aspx#6324889Thu, 26 Jun 2008 23:36:35 GMTc06e2b9d-981a-45b4-a55f-ab0d8bbfdc1c:6324889ASP.NET MVC Tip #10 - Prevent URL Manipulation Attacks - Stephen Walther on ASP.NET MVCASP.NET MVC Tip #10 - Prevent URL Manipulation Attacks - Stephen Walther on ASP.NET MVC<p>Pingback from &nbsp;ASP.NET MVC Tip #10 - Prevent URL Manipulation Attacks - Stephen Walther on ASP.NET MVC</p> <img src="http://weblogs.asp.net/aggbug.aspx?PostID=6324889" width="1" height="1">