DotNetDeveloper

Reputation: 109

ASP.NET MVC POST action request protection

Imagine I have an HTTP POST action with a method signature of:

RegisterUser(string email, string password)

The implementation of this method does some basic validation (e.g. to see if e-mail doesn't already exist in a user repository) and then stores this information as a record in the user repository.

Say I then go on to make an AJAX call to this action from a "registration" view. If some malicious user looks at the markup of that view on the client-side, they'll pretty easily be able to see the URL to the RegisterUser action and determine what they need to pass to it (email and password).

What is then stopping that user from writing a program that calls this action 100 million times? What safeguards can I put into place? Is there something I should read up on in ASP.NET MVC that will protect me from such a POST attack?

Thanks

Upvotes: 0

Views: 890

Answers (2)

Darin Dimitrov

Reputation: 1038810

I would recommend installing the Dynamic IP Restrictions module in IIS or implementing a throttling solution in your application. This would prevent the same user from sending multiple requests to the controller action. It won't protect you against DDoS attacks, though, because in those kinds of attacks the requests are coming from different IP addresses.

Upvotes: 2
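
An in-application throttle of the kind this answer mentions could look like the following. This is an added example, not code from the answer: a fixed-window counter per client IP and action, built on the standard `System.Web.Mvc` action filter and the ASP.NET cache. `ThrottleAttribute`, its `MaxRequests`/`WindowSeconds` properties and `AccountController` are hypothetical names; the limits shown are arbitrary.

```csharp
using System;
using System.Threading;
using System.Web.Caching;
using System.Web.Mvc;

// Hypothetical attribute (not part of ASP.NET MVC): fixed-window request limit
// keyed on client IP + controller/action.
[AttributeUsage(AttributeTargets.Method, AllowMultiple = false)]
public sealed class ThrottleAttribute : ActionFilterAttribute
{
    private sealed class Counter { public int Hits; }

    public int MaxRequests { get; set; } = 5;     // requests allowed per window
    public int WindowSeconds { get; set; } = 60;  // window length in seconds

    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        var http = filterContext.HttpContext;
        var action = filterContext.ActionDescriptor;
        // UserHostAddress is the TCP peer; behind a reverse proxy it is the proxy's address.
        string key = "throttle:" + action.ControllerDescriptor.ControllerName + "/"
                   + action.ActionName + ":" + http.Request.UserHostAddress;

        var fresh = new Counter();
        // Cache.Add never overwrites: it returns the existing entry, or null if ours was stored.
        // The absolute expiration set by the first request defines the window.
        var counter = (Counter)http.Cache.Add(key, fresh, null,
            DateTime.UtcNow.AddSeconds(WindowSeconds), Cache.NoSlidingExpiration,
            CacheItemPriority.Normal, null) ?? fresh;

        if (Interlocked.Increment(ref counter.Hits) > MaxRequests)
        {
            // Short-circuit before the action body (validation, repository write) runs.
            http.Response.AddHeader("Retry-After", WindowSeconds.ToString());
            filterContext.Result = new HttpStatusCodeResult(429, "Too Many Requests");
        }
    }
}

public class AccountController : Controller  // hypothetical controller
{
    [HttpPost]
    [Throttle(MaxRequests = 5, WindowSeconds = 60)]
    public ActionResult RegisterUser(string email, string password)
    {
        // ... validation and repository insert described in the question ...
        return Json(new { ok = true });
    }
}
```

The counter lives in the worker process's memory, so on a web farm each server enforces its own limit unless the count is moved to a shared store.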

Darren Lewis

Reputation: 8488

The most common form of prevention against a Denial of Service (DoS) attack, which is what you are describing, is to use some type of CAPTCHA.

Although this question has been closed, it should provide some useful information on implementing this within ASP.NET MVC.

Upvotes: 1
