Secure .NET Core Applications From the Open Redirect Attacks: .NET Core Security Part IV


In this post, we'll discuss how to secure your .NET Core web application from the Open Redirect attack. Let's get going!


You can find all my .NET Core posts here.

In this series of posts, we look at how to secure your .NET Core applications.

In this post, we will look at how to secure your .NET Core application from the Open Redirect attack.

What is the Open Redirection Attack?

An Open Redirection attack abuses a URL redirection feature. The vulnerability exists when an application takes a URL from the request (for example a returnUrl query string parameter) and redirects the browser to it without checking that it points back to the application itself. An attacker then sends the victim a link to the real, trusted site whose redirect parameter points at a site the attacker controls: the victim sees the trusted domain in the link, but ends up on the attacker's page. It is usually combined with a phishing attack.

To put it another way:

  • For example, you visit a page that you cannot access without logging in, such as http://www.exampleposts.com/FeaturedPosts
  • The site redirects you to the login page first and remembers where you wanted to go in a returnUrl parameter.
  • Once you log in, the site redirects you to whatever returnUrl contains. An attacker can craft the login link so that it looks like this: http://www.exampleposts.com/FeaturedPosts/Login?returnUrl=www.exapleposts.com/FeaturedPosts (notice exapleposts.com instead of exampleposts.com).
  • The returnUrl value is just part of the link, so anyone who can get the victim to click a link controls it; the application never checks that it points back to exampleposts.com.
  • After a successful login the site therefore redirects the user to the malicious site, which looks almost identical to the original.
  • For example, the user gets an email with such a link to log in to the site, and when the user logs in, the user is redirected to the malicious site.
  • The malicious site may show an "incorrect password" message and ask the user to enter their credentials again; when the user does, the attacker has them.

How to Prevent This

  • Before performing a redirect, check whether the target URL is local (a path on the same site) rather than an absolute URL to another host.
  • If a controller redirects to a URL taken from the request, it must only redirect when that URL is local; otherwise it should fall back to a safe page (for example the home page) and log the rejected value.
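As an added example (not code from the original post), here is a login action in the shape that typically causes the problem, next to the same action with the check described above. AccountController, LoginViewModel and SignInAsync are hypothetical names standing in for the application's own authentication code; returnUrl arrives from the query string or a hidden form field, exactly as in the scenario above.

```csharp
// Added example, not code from the original post: a login action as it is
// typically written (vulnerable) and the same action hardened against open
// redirects. AccountController, LoginViewModel and SignInAsync are hypothetical
// names standing in for whatever authentication the application uses.
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Logging;

public class LoginViewModel
{
    public string UserName { get; set; }
    public string Password { get; set; }
}

public class AccountController : Controller
{
    private readonly ILogger<AccountController> _logger;

    public AccountController(ILogger<AccountController> logger)
    {
        _logger = logger;
    }

    // Hypothetical authentication step; assume it returns true on success.
    private Task<bool> SignInAsync(LoginViewModel model) => Task.FromResult(true);

    // VULNERABLE: redirects to whatever the request supplied. A login form reached
    // through a link such as
    //   /Account/LoginUnsafe?returnUrl=http://www.exapleposts.com/FeaturedPosts
    // sends the freshly logged-in user to the look-alike site.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<IActionResult> LoginUnsafe(LoginViewModel model, string returnUrl)
    {
        if (!ModelState.IsValid || !await SignInAsync(model))
        {
            return View("Login", model);
        }
        return Redirect(returnUrl);
    }

    // HARDENED: only follow returnUrl when it is a local path; otherwise fall
    // back to the home page and log what was rejected.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<IActionResult> Login(LoginViewModel model, string returnUrl)
    {
        if (!ModelState.IsValid || !await SignInAsync(model))
        {
            return View(model);
        }

        if (Url.IsLocalUrl(returnUrl))
        {
            // LocalRedirect re-checks the value when the result executes, so a
            // non-local URL cannot slip through even if the check above is
            // edited away later.
            return LocalRedirect(returnUrl);
        }

        // Url.IsLocalUrl(null) returns false, so a missing returnUrl also lands here.
        _logger.LogWarning("Rejected non-local returnUrl {ReturnUrl} for user {User}",
            returnUrl, model.UserName);
        return RedirectToAction("Index", "Home");
    }
}
```

Keep the check on the action that performs the redirect, not only on the page that displays the form: the POST can be submitted with any returnUrl regardless of what the GET page rendered.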

How to Prevent This in .NET Core

There are two ways to prevent this attack in .NET Core: checking the URL with Url.IsLocalUrl before redirecting, or using LocalRedirect, which enforces the same check for you.

Using Url.IsLocalUrl

  • IsLocalUrl is a method of IUrlHelper (namespace Microsoft.AspNetCore.Mvc), available inside a controller as Url.IsLocalUrl. It returns a value that indicates whether the URL is local.
  • It returns true only for URLs that start with a single / (for example /FeaturedPosts) or with ~/, and false for everything else: absolute URLs such as http://www.exapleposts.com/FeaturedPosts, a bare host name without a scheme, null or empty values, and protocol-relative forms such as //www.exapleposts.com/ or /\www.exapleposts.com/, which browsers treat as a different host.

Example:

using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Logging;

public class AccountController : Controller
{
    private readonly ILogger<AccountController> _logger;

    public AccountController(ILogger<AccountController> logger)
    {
        _logger = logger;
    }

    public IActionResult UrlRedirect(string returnUrl)
    {
        if (Url.IsLocalUrl(returnUrl))
        {
            return Redirect(returnUrl);
        }

        // Log the rejected returnUrl so that we have details for investigation.
        _logger.LogWarning("Rejected non-local redirect target: {ReturnUrl}", returnUrl);
        return RedirectToAction("Error", "Home");
    }
}

Using LocalRedirect

  • LocalRedirect is a helper method on ControllerBase (namespace Microsoft.AspNetCore.Mvc) that returns a LocalRedirectResult.
  • It throws an ArgumentException for a null or empty URL, and when the result executes it applies the same local-URL check: if the URL is not local (for example a malicious absolute URL), it throws an InvalidOperationException. Unless you handle that exception, it surfaces to the user as a 500 error, so for values taken from the request it is usually better to test with Url.IsLocalUrl first and choose a safe fallback page.
  • If the URL is local, it behaves just like the Redirect method.

Example:

using Microsoft.AspNetCore.Mvc;

public IActionResult UrlRedirect(string redirectUrl)
{
    // Throws InvalidOperationException on execution if redirectUrl is not local.
    return LocalRedirect(redirectUrl);
}
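Both Url.IsLocalUrl and LocalRedirect apply the same acceptance rule, and it pays to know exactly which inputs it lets through. The following is an added, stand-alone example (not the framework's code and not from the original post) that re-implements that rule from its documented behaviour and runs it over constructed returnUrl values; the control-character rejection mirrors current framework versions and should be treated as an assumption. Use it to understand the rule, and keep calling Url.IsLocalUrl in real applications.

```csharp
// Added example, not from the original post: a stand-alone re-implementation of
// the rule Url.IsLocalUrl applies (and LocalRedirect enforces), run over
// constructed inputs so you can see which returnUrl values pass. The rule is
// taken from the documented behaviour: accept "/..." (but not "//" or "/\")
// and "~/..."; reject everything else. Control-character rejection mirrors
// current framework versions; treat that detail as an assumption.
using System;
using System.Collections.Generic;

public static class LocalUrlCheck
{
    public static bool IsLocalUrl(string? url)
    {
        if (string.IsNullOrEmpty(url))
        {
            return false;
        }

        // "/" or "/foo" is local; "//evil" and "/\evil" are not, because
        // browsers treat both as a protocol-relative URL to another host.
        if (url[0] == '/')
        {
            if (url.Length == 1) return true;
            return url[1] != '/' && url[1] != '\\' && !HasControlCharacter(url);
        }

        // "~/" or "~/foo" is local; "~//evil" and "~/\evil" are not.
        if (url[0] == '~' && url.Length > 1 && url[1] == '/')
        {
            if (url.Length == 2) return true;
            return url[2] != '/' && url[2] != '\\' && !HasControlCharacter(url);
        }

        // Anything else (absolute URLs, bare host names, "javascript:" ...) is
        // not local, even when it names our own host.
        return false;
    }

    private static bool HasControlCharacter(string s)
    {
        foreach (char c in s)
        {
            if (char.IsControl(c)) return true;
        }
        return false;
    }

    public static void Main()
    {
        // Constructed inputs: the first three should be accepted, the rest rejected.
        var samples = new List<(string? Url, bool ExpectedLocal)>
        {
            ("/FeaturedPosts", true),
            ("/", true),
            ("~/FeaturedPosts", true),
            ("//www.exapleposts.com/FeaturedPosts", false),       // protocol-relative
            (@"/\www.exapleposts.com/FeaturedPosts", false),      // backslash variant
            ("http://www.exapleposts.com/FeaturedPosts", false),  // absolute, other host
            ("http://www.exampleposts.com/FeaturedPosts", false), // absolute, even our own host
            ("www.exapleposts.com/FeaturedPosts", false),         // bare host name, as in the phishing link
            ("javascript:alert(1)", false),
            ("/FeaturedPosts\r\nX: y", false),                    // control characters
            ("", false),
            (null, false),
        };

        foreach (var (url, expected) in samples)
        {
            bool actual = IsLocalUrl(url);
            Console.WriteLine($"{(actual == expected ? "ok  " : "FAIL")} local={actual,-5} {url ?? "<null>"}");
        }
    }
}
```

Two consequences worth remembering: an absolute URL is rejected even when it points at your own host, so if you legitimately need to redirect to full URLs you must add an explicit allow-list of hosts on top of this check; and the backslash and double-slash cases are why a hand-written "starts with /" test is not enough.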

Hope this helps!

