{"id":19784762,"url":"https://github.com/liushuping/web-security-examples","last_synced_at":"2025-02-28T07:18:57.410Z","repository":{"id":66213054,"uuid":"65352346","full_name":"liushuping/Web-Security-Examples","owner":"liushuping","description":"Example projects for demonstrating Web application securities","archived":false,"fork":false,"pushed_at":"2016-09-18T14:03:22.000Z","size":233,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-01-11T02:52:26.812Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"http://liushuping.com/Web-Security-Fundamentals/","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/liushuping.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-08-10T05:11:16.000Z","updated_at":"2016-09-01T15:37:21.000Z","dependencies_parsed_at":"2023-02-22T06:15:51.390Z","dependency_job_id":null,"html_url":"https://github.com/liushuping/Web-Security-Examples","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/liushuping%2FWeb-Security-Examples","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/liushuping%2FWeb-Security-Examples/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/liushuping%2FWeb-Security-Examples/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/liushuping%2FWeb-Security-Examples/manifests","owner_u
rl":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/liushuping","download_url":"https://codeload.github.com/liushuping/Web-Security-Examples/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":241117252,"owners_count":19912508,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-12T06:12:33.584Z","updated_at":"2025-02-28T07:18:57.386Z","avatar_url":"https://github.com/liushuping.png","language":"C#","readme":"Web Application Security Examples\n---\n\nExample projects demonstrating Web application security\n\n## Table Of Contents\n * [Prerequisites](#prerequisites)\n * [Preparation](#preparation)\n * [Guides for doing hands-on exercises](#guides-for-doing-hands-on-exercises)\n * [Hands-on exercises](#hands-on-exercises)\n   * [Basic authentication](#basic-authentication)\n   * [Forms authentication](#forms-authentication)\n   * [Claims-based authentication](#claims-based-authentication)\n\n## Prerequisites\n* Basic knowledge of C#\n* Basic knowledge of JavaScript and HTML\n* Basic knowledge of HTTP and Web\n\n## Preparation\nTo be able to run the hands-on exercises, install the tools listed below:\n* Install [Git](https://git-scm.com/)\n* Install [Visual Studio Code](https://code.visualstudio.com/)\n* Install [C# extension for Visual Studio Code](https://marketplace.visualstudio.com/items?itemName=ms-vscode.csharp)\n* Install [.NET Core](https://www.microsoft.com/net/core)\n* Install [Chrome](https://www.google.com/chrome/)\n* Install [JSONView extension for Chrome](https://chrome.google.com/webstore/detail/jsonview/chklaanhfefbnpoihckbnefhakgolnmc)\n* 
Install [Postman application for Chrome](https://chrome.google.com/webstore/detail/postman/fhbjgbiflinjbdggehcddcbncdddomop)\n\n## Guides for doing hands-on exercises\n[to be documented]\n\n## Hands-on exercises (C# .NET Core)\n### Basic authentication\nFirst, view and run the BooksOnline.Api web application project:\n 1. From a terminal (cmd on Windows), navigate to the `BooksOnline.Api` folder\n 2. Type `code .` in the terminal to open the project\n 3. Type `dotnet run` in the terminal to run the web application\n 4. In the Chrome browser, enter http://localhost:5000/books\n 5. A list of books (in JSON format) is displayed in the browser\n\nThere is no authentication check on the API (http://localhost:5000/books). Now add Basic authentication to it:\n 1. Locate the file `BooksController.cs`\n 2. Add the `[Authorize(ActiveAuthenticationSchemes = \"Basic\")]` attribute to the `Get()` method to require Basic authentication for the API\n 3. Re-run the application and visit http://localhost:5000/books\n 4. A popup window should ask for credentials\n 5. Open the browser's Developer Tools window and inspect the `WWW-Authenticate` response header and the `Authorization` request header in the requests and responses shown below\n 6. Try entering some random invalid credentials; the browser should keep asking for credentials\n 7. Input the hard-coded credentials `admin:admin`; the books list should then be returned. Note that the `Authorization` header carries these credentials only Base64-encoded, not encrypted, so Basic authentication is acceptable only over HTTPS (or, as here, on a local development machine).\n 8. For the authentication details, see `BasicAuthenticationHandler.cs`.\n \n![img](images/basic_auth_header.png)\n\n### Forms authentication\nView and run the BooksOnline web application project:\n 1. From a terminal (cmd on Windows), navigate to the `BooksOnline` folder\n 2. Type `dotnet run` in the terminal to run the project\n 3. In the Chrome browser, enter http://localhost:5001\n 4. The home page is displayed\n \nThe home page requires no authentication. Now add forms authentication to it:\n 1. Locate the file `HomeController.cs`\n 2. Add the `[Authorize]` attribute at class level\n 3. 
Re-run the application and visit http://localhost:5001\n 4. The page should redirect to the login page\n 5. Open the browser's Developer Tools window and inspect the network traffic of the login process\n 6. Input the hard-coded credentials `test@localhost:password`; the home page should then be returned.\n 7. Read the `Login(LoginViewModel model, string returnUrl = null)` method in `AccountController.cs` to understand how the user is authenticated. Pay attention to how `returnUrl` is handled: it comes from the request, so the redirect after login must be limited to local URLs, otherwise the login page becomes an open redirect.\n \n### Claims-based authentication\nThis exercise requires an OpenID Connect identity provider; Azure Active Directory is one such service.\n 1. Register an application with the reply URL http://localhost:5001 in an Azure Active Directory instance\n 2. Find and uncomment the `app.UseOpenIdConnectAuthentication` block to enable OpenID Connect authentication\n 3. Fill in the registered client ID and authority in the OpenID Connect options\n 4. Add the `[Authorize(ActiveAuthenticationSchemes=\"BooksOnlineCookie\")]` attribute at class level in `HomeController.cs`\n 5. Re-run the application and visit http://localhost:5001\n 6. The page should redirect to the Azure Active Directory login page.\n\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fliushuping%2Fweb-security-examples","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fliushuping%2Fweb-security-examples","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fliushuping%2Fweb-security-examples/lists"}
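The Basic authentication exercise in the README above leaves the actual check inside the project's `BasicAuthenticationHandler.cs`. The following is an added example, not code from the liushuping/Web-Security-Examples project, showing what such a handler has to do with the `Authorization` header: parse the RFC 7617 form `Basic <base64(user:password)>`, reject malformed input so the caller falls through to a `WWW-Authenticate` challenge, and compare the presented credentials in constant time. The hard-coded `admin:admin` pair is the one the README uses; the realm name `BooksOnline`, the class and method names, and the target of .NET Core 2.1 or later (for `CryptographicOperations.FixedTimeEquals`) are assumptions of this example.

```csharp
// Added example (not from the Web-Security-Examples project): the credential
// handling a Basic authentication handler needs. Assumes .NET Core 2.1+.
using System;
using System.Security.Cryptography;
using System.Text;

public static class BasicAuth
{
    // Sent in the WWW-Authenticate header with a 401 response; this is what makes
    // the browser show the credentials popup described in the README. The realm
    // name is an assumption of this example.
    public const string Challenge = "Basic realm=\"BooksOnline\"";

    // Parses "Basic <base64(user:password)>" (RFC 7617). Returns false for any
    // header that is not well formed so the caller can challenge instead.
    public static bool TryParse(string authorization, out string user, out string password)
    {
        user = password = null;
        if (string.IsNullOrEmpty(authorization)) return false;

        var parts = authorization.Split(new[] { ' ' }, 2, StringSplitOptions.RemoveEmptyEntries);
        if (parts.Length != 2 || !parts[0].Equals("Basic", StringComparison.OrdinalIgnoreCase)) return false;

        string decoded;
        try { decoded = Encoding.UTF8.GetString(Convert.FromBase64String(parts[1])); }
        catch (FormatException) { return false; }

        // The user-id cannot contain ':', so split on the first one only;
        // the password itself may contain ':'.
        int colon = decoded.IndexOf(':');
        if (colon < 0) return false;
        user = decoded.Substring(0, colon);
        password = decoded.Substring(colon + 1);
        return true;
    }

    // Compares a presented secret with the expected one in constant time. Hashing
    // both first makes the comparison length-independent, so neither the length
    // nor the position of the first mismatching byte leaks through timing.
    public static bool SecretsMatch(string presented, string expected)
    {
        using (var sha = SHA256.Create())
        {
            byte[] a = sha.ComputeHash(Encoding.UTF8.GetBytes(presented));
            byte[] b = sha.ComputeHash(Encoding.UTF8.GetBytes(expected));
            return CryptographicOperations.FixedTimeEquals(a, b);
        }
    }

    // Returns true only for a well-formed header carrying the expected credentials.
    public static bool Authenticate(string authorization)
    {
        // Hard-coded credentials mirror the exercise only; a real handler looks the
        // user up and verifies a salted password hash.
        const string ExpectedUser = "admin", ExpectedPassword = "admin";
        if (!TryParse(authorization, out var user, out var password)) return false;

        // Evaluate both comparisons so a wrong user name costs the same as a wrong password.
        bool userOk = SecretsMatch(user, ExpectedUser);
        bool passOk = SecretsMatch(password, ExpectedPassword);
        return userOk & passOk;
    }

    public static void Main()
    {
        // "YWRtaW46YWRtaW4=" is base64("admin:admin"): only encoded, not encrypted,
        // which is why Basic authentication over plain http://localhost:5000 is
        // acceptable on a developer machine but not on a network.
        Console.WriteLine(Authenticate("Basic YWRtaW46YWRtaW4="));
        Console.WriteLine(Authenticate("Basic " + Convert.ToBase64String(Encoding.UTF8.GetBytes("admin:wrong"))));
        Console.WriteLine(Authenticate("Bearer YWRtaW46YWRtaW4="));
        Console.WriteLine(Authenticate("Basic not-base64!"));
        Console.WriteLine(Authenticate(null));
    }
}
```

Decode the header value captured in the browser's Developer Tools with `Convert.FromBase64String` to see the `admin:admin` pair in clear text; that is the whole reason the scheme must not be used without TLS.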
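The `returnUrl` parameter of `Login(LoginViewModel model, string returnUrl = null)` in the forms authentication exercise is supplied by the request, so it is attacker-controlled. The following is an added example, not code from the liushuping/Web-Security-Examples project, showing the local-URL check a login action must apply before redirecting to it. The rule follows what ASP.NET Core's `IUrlHelper.IsLocalUrl` accepts (only `/path` or `~/path`, never `//host` or `/\host`, which browsers treat as protocol-relative) and additionally rejects control characters and whitespace. The class and method names are this example's own.

```csharp
// Added example (not from the Web-Security-Examples project): validating a
// caller-supplied returnUrl so the login page cannot be used as an open redirect.
using System;

public static class ReturnUrl
{
    // A URL is local only if it is an absolute path on this host ("/" or "/path")
    // or the application-relative form "~/path". Full URLs and the
    // protocol-relative forms "//host" and "/\host" are rejected.
    public static bool IsLocal(string url)
    {
        if (string.IsNullOrEmpty(url)) return false;

        foreach (char c in url)
        {
            // Browsers strip leading control characters and whitespace, which lets
            // "\t//evil.example" slip past a naive prefix check, so refuse them outright.
            if (c <= ' ' || c == '\x7f') return false;
        }

        if (url[0] == '/')
            return url.Length == 1 || (url[1] != '/' && url[1] != '\\');

        if (url[0] == '~' && url.Length > 1 && url[1] == '/')
            return url.Length == 2 || (url[2] != '/' && url[2] != '\\');

        return false;
    }

    // Destination to use after a successful login: the caller's returnUrl when it
    // is local, the application's own home page otherwise.
    public static string SafeRedirectTarget(string returnUrl, string fallback = "/")
    {
        return IsLocal(returnUrl) ? returnUrl : fallback;
    }

    public static void Main()
    {
        // Constructed candidates: the first two are accepted, the rest fall back to "/".
        var candidates = new[] { "/Books", "~/Books", "//evil.example/", "/\\evil.example",
                                 "https://evil.example/", "\t//evil.example", null };
        foreach (var candidate in candidates)
        {
            var shown = candidate ?? "(null)";
            Console.WriteLine(shown + " -> " + SafeRedirectTarget(candidate));
        }
    }
}
```

In a controller the same check is one line, `return Url.IsLocalUrl(returnUrl) ? Redirect(returnUrl) : RedirectToAction("Index", "Home");`; the point of the example is to show what that helper actually rejects and why.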