D
deanvanrooyen
Guest
sorry I cant find asp.net forum so Im posting here
Hi,
Im using asp.net 4.7 mvc 5. Im looking into remediation of replay attacks, my website is on a web farm across a couple web servers, I am using forms authentication. I am looking into a nonce solution but this is not a silver bullet solution. I would prefer not to store one time use tokens in the database and also feel it is an anit-pattern to store non static tokens in session or cache. I am looking for any solution you might have developed for customers. I understand that the inbuilt forms auth membership is already hitting the database, is there any version of the forms auth library that will do such a thing so then at least Im not double hitting the database.
thanks
Continue reading...
Hi,
Im using asp.net 4.7 mvc 5. Im looking into remediation of replay attacks, my website is on a web farm across a couple web servers, I am using forms authentication. I am looking into a nonce solution but this is not a silver bullet solution. I would prefer not to store one time use tokens in the database and also feel it is an anit-pattern to store non static tokens in session or cache. I am looking for any solution you might have developed for customers. I understand that the inbuilt forms auth membership is already hitting the database, is there any version of the forms auth library that will do such a thing so then at least Im not double hitting the database.
thanks
Continue reading...
