ProtectAttribute

Members

_{Namespace: ASPSecurityKit.NetFramework.Mvc}
_{Assembly: ASPSecurityKit.NetFramework.Mvc.dll}

Summary

An ASP.NET MVC action filter attribute that protects the associated action by executing a strong security pipeline provided by ASPSecurityKit.

Members

`RequestServiceInitializer`

Summary

Initializer for IRequestService; defaults to initializing the RequestService. Override it to initialize a derived or an entirely different implementation of the IRequestService.

Properties

`ValidateXss`

Summary

Gets or sets a value indicating whether cross-site scripting (XSS) validation should be performed on action parameters. The default is false (as ASP.NET MVC has built-in XSS validator). See remarks for more details.

Value

A Nullable`1 (with T of type Boolean) value indicating whether cross-site scripting (XSS) validation should be performed on action parameters.

Remarks

Before executing the pipeline, the ValidateXss is set with the value of this property upon every request if both differ. By making the value of this property null, you can turn off this behavior and then you control the XSS validation exclusively via the ValidateXss.

Methods

`OnActionExecuting(filterContext)`

Summary

Initializes and executes the ISecurityPipeline before the action method executes.

Parameters

Name	Type	Description
filterContext	System.Web.Mvc.ActionExecutingContext	The filter context.