Clickjacking – ASP.NET Secure Coding
Method #1: Adding the X-Frame-Options HTTP header
Add the following code to the Application_BeginRequest method of the Global.asax file:
void Application_BeginRequest(object sender, EventArgs e)
{
    // Tell the browser never to render this response inside a frame.
    HttpContext.Current.Response.AddHeader("x-frame-options", "DENY");
}
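The following Global.asax.cs is an added example, not code from the original post. It goes beyond the single DENY header above by also sending the Content-Security-Policy frame-ancestors directive and by relaxing the policy to same-origin framing for selected paths. The path prefixes and the IsSameOriginFramed helper are hypothetical names chosen for illustration.

```csharp
// Added example (not from the original post): Global.asax.cs
using System;
using System.Web;

public class Global : HttpApplication
{
    // Assumption: hypothetical app-relative prefixes for pages that this same
    // site embeds in its own frames and that therefore cannot use DENY.
    private static readonly string[] SameOriginFramedPrefixes =
    {
        "~/widgets/",
        "~/reports/embed/"
    };

    protected void Application_BeginRequest(object sender, EventArgs e)
    {
        HttpContext context = HttpContext.Current;
        bool allowSameOrigin = IsSameOriginFramed(
            context.Request.AppRelativeCurrentExecutionFilePath);

        // Header from Method #1: DENY by default, SAMEORIGIN only where needed.
        context.Response.AddHeader("X-Frame-Options",
            allowSameOrigin ? "SAMEORIGIN" : "DENY");

        // CSP frame-ancestors expresses the same policy in the
        // Content-Security-Policy standard; send both so that browsers
        // supporting either mechanism refuse cross-site framing.
        context.Response.AddHeader("Content-Security-Policy",
            allowSameOrigin ? "frame-ancestors 'self'" : "frame-ancestors 'none'");
    }

    // Returns true when the requested page is on the same-origin allow list.
    private static bool IsSameOriginFramed(string appRelativePath)
    {
        foreach (string prefix in SameOriginFramedPrefixes)
        {
            if (appRelativePath.StartsWith(prefix, StringComparison.OrdinalIgnoreCase))
                return true;
        }
        return false;
    }
}
```

If the application already sends a Content-Security-Policy header, merge the frame-ancestors directive into that policy instead of adding a second header.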
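Method #2: Including frame-busting code
<!-- Hide the page by default so a framed copy shows nothing. -->
<style>
    html { display: none; }
</style>
<script>
    if (self == top) {
        // Not framed: reveal the page.
        document.documentElement.style.display = 'block';
    } else {
        // Framed: replace the top-level window with this page.
        top.location = self.location;
    }
</script>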