Creating a time-based one-time password (TOTP) along with its expiration time

By default, .NET uses the Rfc6238AuthenticationService class for generating and validating TOTP (Time-Based One-Time Password) codes. The issue with this class is that the generated TOTP code remains valid for 9 minutes, a timeframe that is hardcoded and cannot be changed. ....

Invalid cookies after changing users' passwords

In Asp.Net Core, cookies are validated every 30 minutes by default. This means that when a user logs in to the site and enters their information, the user's current claims are stored in the cookie and they can access the pages they want; the cookie is not validated again for up to 30 minutes, eve ....

A way to restrict APIs so that each request must be called with a new key (Time-based One-time Password)

TOTP is an algorithm that uses clocks to generate one-time passwords. In this way, a unique code is generated for each moment in time. If you have worked with Google Authenticator, you are familiar with this concept. In this article, we want to implement a scenario in which APIs must send a ....

Preventing Brute-Force Attacks

One of the most common attacks developers face is the brute-force attack. In these attacks, the attacker tries every possible combination of letters, numbers and symbols until the correct password is discovered. If your website needs authentication ....

How to implement forgotten-password recovery according to the OWASP website

On the first page of a secure forgotten-password flow, you ask the user to enter at least the information they registered with. At the very least, you should have collected data that lets you send password recovery information to the user via SMS, email, and so on. ....

Security headers in Asp.Net Core

By default, your site can be displayed inside an iframe. Using the X-Frame-Options header, you can prevent this. But why? Because anyone can display your website inside an iframe and place a layer ....

Minimum security tips in Asp.Net Core

In this article we review a few security tips that are mandatory for every website. Implement your login securely. Always encrypt important data when sending it. Clear the user's cookie after logout. Always use SSL ....

Introducing Json Web Token

What is a token, or Json Web Token, or JWT for short? A token is a web standard designed to be compact and self-contained, and it provides a secure way to transfer information between parties by means of a JSON object. This information can be ....