Summary of code reading: ASP.NET Starter Kit Time Tracker


In the ASP.NET Starter Kit Time Tracker program, this bug lets a user gain unauthorized access to an ASPX page that their role is not permitted to view.

We all know that the system defines three roles:
Administrator
Project Manager
Consultant

Only users in the Administrator role can access the management information page (ProjectList.aspx).

Now let me describe the error.

I have an administrator account, ai_ai@126.com.
  1. Log in with this account and create an account in the Consultant role: ai_c@126.com.
  2. Close the browser immediately. (Note: close it with the mouse, not with the Logout button provided by the program.)
  3. Open the browser again, go to the login page, and log in as ai_c@126.com.
  4. The Consultant account can now open the management information page:
     http://localhost/ttwebcsvs_cn/projectlist.aspx?index=2

Clearly, this bug violates the access permissions of the system roles.

Now let's look for the bug.

The role information of the logged-in user is stored in a cookie. The data is encrypted before it is stored, using the static FormsAuthentication.Encrypt method. The cookie name is defined as a constant in Global:

public const string UserRoles = "UserRoles";

This is the first half of the bug: every user's roles go into a cookie with the same, fixed name.

Now look at another section of code, in Application_AuthenticateRequest in Global:

Response.Cookies[UserRoles].Value = cookieStr;
Response.Cookies[UserRoles].Path = "/";
Response.Cookies[UserRoles].Expires = DateTime.Now.AddMinutes(1);

From this we can see that the cookie is valid for one minute. Because Expires is set explicitly, this is a persistent cookie: closing the browser does not normally delete it; only the Logout button (which clears it) or the one-minute expiry does. So if another account logs on within one minute after the previous account's browser was closed, the server finds a UserRoles cookie already present in the request and takes the roles from it, and the later account obtains the role information of the earlier account. This happens because both logins use the same cookie, named UserRoles.

This is the other half of the bug.

To fix this bug, we can modify the program slightly so that the cookie name is unique per user.

In

protected void Application_AuthenticateRequest(Object sender, EventArgs e)

inside the block guarded by

if (Request.IsAuthenticated == true)

add

string userRoles = Global.UserRoles + Context.User.Identity.Name;

and use this userRoles string as the cookie key wherever UserRoles was used before. This ensures that each login account gets a cookie with a different name, so the roles cookie left behind by one account is never picked up for another.

One caveat: FormsAuthentication.Encrypt protects the cookie's value, not its name. A user who edits the cookies in a shared browser could save an administrator's encrypted roles cookie under the name derived from their own account, so the server should also check that the decrypted ticket was issued to the currently authenticated user before trusting the roles in it.
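As an added example (not code from the Time Tracker Starter Kit or from this article), the following Application_AuthenticateRequest takes the complementary approach: it keeps the single UserRoles cookie but refuses to reuse one whose ticket was not issued to the currently authenticated user, and it re-issues the cookie as a session cookie so that closing the browser discards it. It is written for .NET Framework 2.0 or later. LoadRolesForUser and its hard-coded role table are hypothetical stand-ins for the Starter Kit's database lookup, and the two account names in the table are constructed sample data taken from the scenario above.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

public class Global : HttpApplication
{
    // Same constant as the Starter Kit: one cookie name for every user.
    public const string UserRoles = "UserRoles";

    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        if (!Request.IsAuthenticated)
        {
            return;
        }

        string userName = Context.User.Identity.Name;
        string[] roles = RolesFromCookie(Request.Cookies[UserRoles], userName);

        if (roles == null)
        {
            // No usable cookie for this user: load the roles and issue a fresh cookie.
            roles = LoadRolesForUser(userName);
            Response.Cookies.Add(BuildRolesCookie(userName, roles));
        }

        // Attach the roles to the request so Context.User.IsInRole works on the pages.
        Context.User = new GenericPrincipal(Context.User.Identity, roles);
    }

    // Returns the roles stored in the cookie, or null if the cookie is missing,
    // corrupt, expired, or was issued to a different user name.
    private static string[] RolesFromCookie(HttpCookie cookie, string userName)
    {
        if (cookie == null || string.IsNullOrEmpty(cookie.Value))
        {
            return null;
        }

        FormsAuthenticationTicket ticket;
        try
        {
            ticket = FormsAuthentication.Decrypt(cookie.Value);
        }
        catch (Exception)
        {
            // Tampered or corrupt value: behave exactly as if no cookie were present.
            return null;
        }

        if (ticket == null || ticket.Expired)
        {
            return null;
        }

        // The binding a shared cookie name alone does not give you: the ticket records the
        // user it was issued to, so a cookie left behind by ai_ai@126.com is rejected for ai_c@126.com.
        if (!string.Equals(ticket.Name, userName, StringComparison.OrdinalIgnoreCase))
        {
            return null;
        }

        return ticket.UserData.Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries);
    }

    private static HttpCookie BuildRolesCookie(string userName, string[] roles)
    {
        // The ticket carries the user name (checked above) and the roles in UserData.
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1,                              // version
            userName,                       // name the ticket is bound to
            DateTime.Now,                   // issued
            DateTime.Now.AddMinutes(1),     // re-read roles from the database after a minute
            false,                          // not persistent
            string.Join(";", roles));       // roles

        HttpCookie cookie = new HttpCookie(UserRoles, FormsAuthentication.Encrypt(ticket));
        cookie.Path = "/";
        cookie.HttpOnly = true;   // keep page script from reading it (.NET 2.0 and later)
        // No Expires: this is a session cookie, so closing the browser discards it,
        // unlike the original cookie with an explicit one-minute Expires.
        return cookie;
    }

    // Hypothetical stand-in for the Starter Kit's user/role lookup. The table is constructed
    // sample data, not real accounts; unknown users get no roles at all.
    private static string[] LoadRolesForUser(string userName)
    {
        Dictionary<string, string[]> table = new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
        {
            { "ai_ai@126.com", new[] { "Administrator" } },
            { "ai_c@126.com", new[] { "Consultant" } }
        };
        string[] roles;
        return table.TryGetValue(userName, out roles) ? roles : new string[0];
    }
}
```

With this version the Logout handler only needs to expire the single UserRoles cookie, and even a stale cookie that survives is harmless, because the name check sends the next user to the database instead of handing them the previous user's roles.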

Also, be sure to modify the Logout button's click handler (in Banner.ascx.cs) so that it clears the per-user cookie:

private void Logoff_Click(object sender, System.EventArgs e)
{
    FormsAuthentication.SignOut();

    string userRoles = Global.UserRoles + Context.User.Identity.Name;
    // Invalidate roles token
    Response.Cookies[userRoles].Value = "";
    Response.Cookies[userRoles].Path = "/";
    Response.Cookies[userRoles].Expires = new System.DateTime(1999, 10, 12);

    Context.User = null;
    Response.Redirect("Default.aspx", false);
}


Of course, there are other solutions. For example, the logged-in user's role information can be placed in the UserData field (the user-defined string stored in the cookie) of the system's forms authentication ticket, so that the roles travel with the authentication cookie itself and no separate roles cookie is needed.

For a concrete implementation, refer to my other article:
ASP.NET Starter Kit Time Tracker (role permissions)
http://www.cnblogs.com/aierong/archive/2004/12/21/79966.html

Thank you!
