Tuesday, August 23, 2005

Canonicalization issues

ASP.NET 1.1 has an issues known as canonicalization issue. In fact canonicalization is the process by which all equivalent forms of a name were mapped to a standard unique name which is thus called the canonical form.

According to Netcraft The security hole involves a bug in ASP.NET's handling of URLs, so taht if a visitor to an ASP.NET site substitutes '\' or '%5C' for the '/' character in the URL, they may be able to bypass authentication screens. The technique may also work if a space is subsituted for the slash.It also apparently allows authenticated users to bypass password protection on administrative areas of a site.

But Microsoft published a pretty nice article in it's knowledge base which shows "how to bypass the issue".

Remember that after being authenticated by an ASP.NET form we usually create an authentication cookie which contains users credential and others importants information (like roles informations).

In Application_BeginRequest we can analyze the url information to cope with the issue: this is an example published by Microsoft.

void Application_BeginRequest(object source, EventArgs e)
if (Request.Path.IndexOf('\\') >= 0 System.IO.Path.GetFullPath
(Request.PhysicalPath) != Request.PhysicalPath)

throw new HttpException(404, "not found");


Post a Comment

<< Home