Clickjacking – ASP.NET Secure Coding

/0 Comments/in /by

Method #1 Adding the X-Frame-Options in HTTP header

Add the code to the Application_BeginRequest method of global.asax file

void Application_BeginRequest(object sender, EventArgs e)
{
    HttpContext.Current.Response.AddHeader("x-frame-options", "DENY");
}

Method #2 Including frame busting code

<style> html{display : none ; } </style>
<script>
   if( self == top ) {
       document.documentElement.style.display = 'block' ; 
   } else {
       top.location = self.location ; 
   }
</script>

References

http://technet.microsoft.com/en-us/security/cc242650
http://blogs.msdn.com/b/sdl/archive/2009/02/05/clickjacking-defense-in-i…

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *