https://github.com/haacked/aspnetmvc-action-checker

Drop in ASP.NET MVC Controller and Action that displays any actions that modify resources (HTTP POST, PUT, DELETE, and PATCH) that do not have an Authorize or ValidateAniForgeryToken attributes applied.
https://github.com/haacked/aspnetmvc-action-checker

asp-net-mvc security

Last synced: 3 months ago
JSON representation

Drop in ASP.NET MVC Controller and Action that displays any actions that modify resources (HTTP POST, PUT, DELETE, and PATCH) that do not have an Authorize or ValidateAniForgeryToken attributes applied.

• Host: GitHub
• URL: https://github.com/haacked/aspnetmvc-action-checker
• Owner: haacked
• License: mit
• Created: 2017-08-10T22:43:04.000Z (almost 8 years ago)
• Default Branch: master
• Last Pushed: 2017-08-10T23:23:26.000Z (almost 8 years ago)
• Last Synced: 2025-03-21T19:02:57.701Z (3 months ago)
• Topics: asp-net-mvc, security
• Language: C#
• Size: 5.86 KB
• Stars: 39
• Watchers: 3
• Forks: 1
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# ASP.NET MVC Controller Action Security Checker

This is a [Drop in ASP.NET MVC Controller and Action](https://raw.githubusercontent.com/Haacked/aspnetmvc-action-checker/master/SystemController.cs) that displays any actions that modify resources (HTTP POST, PUT, DELETE, and PATCH) that do not have an Authorize or ValidateAniForgeryToken attributes applied.

## Usage

Add the [`SystemController` file](https://raw.githubusercontent.com/Haacked/aspnetmvc-action-checker/master/SystemController.cs) to your ASP.NET MVC project, make sure there's a route that'll reach it, and then visit it in a local instance of your site. It only shows up for localhost requests for security reasons.