Single post

Prevent One Click Attacks by setting ViewStateUserKey in ASP.NET applications

Here’s an easy way to avoid One Click Attacks in ASP.NET applications. If you have a Base class that all your ASP.NET pages derive from, override the OnInit function. For example:

protected override void OnInit(EventArgs e)
{
    base.OnInit(e);

    if (User.Identity.IsAuthenticated)
        ViewStateUserKey = User.Identity.Name;
}

If you don’t have a base class defined, you would have to put the above code in every ASP.NET page.

LEAVE A COMMENT

theme by teslathemes