Saturday, February 21, 2015

How to prevent ClickJacking in .Net\SharePoint sites

Clickjacking is a trick attackers use to obtain confidential information or to deceive users into performing actions they never intended.
For example, the attacker overlays a transparent layer on the web page so the user does not see the real button.
The user clicks what appears to be the legitimate button, but because the attacker has placed a hidden control on top of it, the click does what the attacker wants.
For example, clicking what looks like a video play button on Facebook could make you a member of a community or like a page you did not want to like.

To prevent clickjacking in .NET/SharePoint applications, follow these steps:
1. Open the Web.Config file.
2. Inside the <system.webServer> element, add the following lines:
<httpProtocol>
  <customHeaders>
    <add name="X-Frame-Options" value="SAMEORIGIN" />
  </customHeaders>
</httpProtocol>
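Once the header is in place you will want to confirm that every page actually sends it. The following script is an added example, not code from the original post: it takes a captured HTTP response (status line plus headers), looks for X-Frame-Options and for a Content-Security-Policy frame-ancestors directive (the newer mechanism that browsers prefer when both are present), and reports whether the page can be framed by other origins. The sample responses and the host name intranet.example are constructed. SAMEORIGIN, as used above, still lets pages of the same site frame each other, which SharePoint's own dialogs rely on; DENY forbids all framing.

```python
"""Audit an HTTP response for clickjacking protection.

Added example, not code from the original post. Parses a captured response
and reports whether the page may be framed by other origins. The sample
responses below are constructed for illustration.
"""
from email import message_from_string
from email.message import Message
from typing import List, Tuple

VALID_XFO = {"DENY", "SAMEORIGIN"}


def parse_response(raw: str) -> Message:
    """Parse status line + headers with the stdlib RFC 822 parser, which
    gives case-insensitive header lookup and repeated-header handling."""
    raw = raw.replace("\r\n", "\n").lstrip()
    first, _, rest = raw.partition("\n")
    return message_from_string(rest if first.startswith("HTTP/") else raw)


def frame_ancestors(csp: str) -> List[str]:
    """Return the source list of a CSP frame-ancestors directive, or []."""
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.strip("'").lower() for p in parts[1:]]
    return []


def assess_clickjacking(raw: str) -> Tuple[str, str]:
    """Return (verdict, reason); verdict is protected, weak or unprotected."""
    msg = parse_response(raw)
    # frame-ancestors takes precedence over X-Frame-Options when both exist
    for csp in msg.get_all("Content-Security-Policy") or []:
        sources = frame_ancestors(csp)
        if sources:
            if "*" in sources:
                return "unprotected", "frame-ancestors allows any origin"
            return "protected", "frame-ancestors " + " ".join(sources)
    values = {v.strip().upper() for v in msg.get_all("X-Frame-Options") or []}
    if not values:
        return "unprotected", "no X-Frame-Options or frame-ancestors header"
    if len(values) > 1:
        return "weak", "conflicting X-Frame-Options values: " + ", ".join(sorted(values))
    value = values.pop()
    if value in VALID_XFO:
        return "protected", "X-Frame-Options " + value
    if value.startswith("ALLOW-FROM"):
        return "weak", "ALLOW-FROM is obsolete and ignored by current browsers"
    return "weak", "unrecognised X-Frame-Options value " + value


# Constructed sample responses (not captured from any real site)
HARDENED = """HTTP/1.1 200 OK
Date: Sat, 21 Feb 2015 10:00:00 GMT
Content-Type: text/html
X-Frame-Options: SAMEORIGIN

<html>...</html>
"""
UNPROTECTED = """HTTP/1.1 200 OK
Date: Sat, 21 Feb 2015 10:00:00 GMT
Content-Type: text/html
"""
CSP_ONLY = """HTTP/1.1 200 OK
Content-Security-Policy: default-src 'self'; frame-ancestors 'self' https://intranet.example
"""

if __name__ == "__main__":
    for name, sample in [("hardened", HARDENED), ("unprotected", UNPROTECTED), ("csp", CSP_ONLY)]:
        print(name, assess_clickjacking(sample))
```

Run it against responses saved from the site (for example with the browser's network tab or curl -i) before and after the Web.Config change; pages served by a different IIS site or by a static content handler may not pick up the header and will show up as unprotected.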

Invalid HTTP response date time

Sometimes a user cannot log in to the site with valid credentials using Chrome, Firefox, or other browsers that validate the date and time in the HTTP response.

The cause is that the date and time in the HTTP response header does not match the VM/server date and time:


As a workaround, follow these steps:
1. Open a command prompt.
2. Type net stop http
3. Press Enter.
4. Type net start http
5. Press Enter.
6. Run iisreset

Try to log in again and it will work, BUT the problem may come back!
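To confirm that the Date header is really the culprit, and to check that it is back in step after the restart, the script below is an added example, not code from the original post. It measures how far a captured response's Date header is from a reference clock and whether any cookie the response sets would already be dead relative to that Date. Browsers that trust the Date header (the post names Chrome and Firefox) compute a cookie's remaining lifetime relative to it, so a stale or future Date can make a fresh login cookie look expired; the check models that as "Expires not after Date", which is an illustration and not any browser's exact algorithm. The five-minute tolerance, the sample responses and the cookie value are constructed; FedAuth is only used as a familiar SharePoint cookie name.

```python
"""Check the Date header of an HTTP response against a reference clock.

Added example, not code from the original post. Reports the skew between
the response's Date header and a reference time, and lists cookies whose
Expires attribute does not lie after that Date. Samples are constructed.
"""
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.message import Message
from email.utils import parsedate_to_datetime
from typing import Dict, List, Optional

TOLERANCE = timedelta(minutes=5)  # assumed acceptable skew for this example


def parse_response(raw: str) -> Message:
    """Parse status line + headers with the stdlib RFC 822 parser."""
    raw = raw.replace("\r\n", "\n").lstrip()
    first, _, rest = raw.partition("\n")
    return message_from_string(rest if first.startswith("HTTP/") else raw)


def cookie_expiry(set_cookie: str) -> Optional[datetime]:
    """Return the Expires attribute of a Set-Cookie value as an aware datetime."""
    for attr in set_cookie.split(";")[1:]:
        key, _, val = attr.strip().partition("=")
        if key.lower() == "expires":
            return parsedate_to_datetime(val.strip())
    return None


def check_response(raw: str, now: datetime) -> Dict[str, object]:
    """Compare the Date header with `now` (an aware datetime) and flag
    cookies that are already expired by the server's own Date."""
    msg = parse_response(raw)
    date_hdr = msg.get("Date")
    if date_hdr is None:
        return {"date_skew_seconds": None, "clock_ok": False, "dead_cookies": []}
    server_date = parsedate_to_datetime(date_hdr)
    skew = server_date - now
    dead: List[str] = []
    for cookie in msg.get_all("Set-Cookie") or []:
        expires = cookie_expiry(cookie)
        if expires is not None and expires <= server_date:
            dead.append(cookie.split("=", 1)[0].strip())
    return {
        "date_skew_seconds": int(skew.total_seconds()),
        "clock_ok": abs(skew) <= TOLERANCE,
        "dead_cookies": dead,
    }


# Constructed reference clock and sample login responses
REFERENCE_NOW = datetime(2015, 2, 21, 12, 30, tzinfo=timezone.utc)
STALE_DATE = """HTTP/1.1 302 Found
Date: Sat, 21 Feb 2015 16:00:00 GMT
Set-Cookie: FedAuth=constructed-token; expires=Sat, 21 Feb 2015 13:30:00 GMT; path=/; HttpOnly
Location: /
"""
HEALTHY = """HTTP/1.1 302 Found
Date: Sat, 21 Feb 2015 12:30:05 GMT
Set-Cookie: FedAuth=constructed-token; expires=Sat, 21 Feb 2015 13:30:00 GMT; path=/; HttpOnly
Location: /
"""

if __name__ == "__main__":
    print("stale  :", check_response(STALE_DATE, REFERENCE_NOW))
    print("healthy:", check_response(HEALTHY, REFERENCE_NOW))
```

In practice pass datetime.now(timezone.utc) from a machine whose clock you trust as `now`; a large skew with an otherwise correct server clock points at the HTTP.sys date the workaround above resets, while a skew that matches the server's own clock points at the VM time itself.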

For a permanent fix, configure the expired/incorrect HTTP response header as follows:
1. Open IIS Manager.
2. In Features View, select HTTP Response Headers.
3. In the Set Common HTTP Response Headers dialog box, select the Expire Web content check box and choose one of the following options:
  • Immediately, if you want content to expire immediately after it is sent in a response.
  • After, if you want the content to expire periodically. Then, in the corresponding boxes, type an integer and select a time interval at which content expires. For example, type 1 and select Days if you want the content to expire daily.
  • On (in Coordinated Universal Time (UTC)), if you want the content to expire on a specific day at a specific time. Then, in the corresponding boxes, select the date and time at which the content expires.
4. Click OK.
5. Run iisreset.