ASP-WAF Web application firewall for .Net 6, .Net 5, .Net Standard 2.1 and .Net Core 3.x

ActionProtectorAttribute Class

The ActionProtectorAttribute class lets you detect malicious activity against actions and against the models that are posted to these actions.

Namespace:  Walter.Web.FireWall.Annotations
Assembly:  Walter.Web.FireWall (in Walter.Web.FireWall.dll)

Syntax


public sealed class ActionProtectorAttribute : ProtectorBase

Remarks


At the moment the framework only supports actions with one parameter. We expect you to have a view model that satisfies the ModelState property of the controller.

Examples


This sample comes from the getting started manual, which contains quite a few more samples for you to use in your projects.
C#
[HttpPost]
[Ignore(skip: FireWallGuardActions.RejectWrongUserType)]
[ActionProtector(blockAfterInvalidModelCount: 5,
    redirectToController: "home",
    redirectToAction: "blocked",
    passModel: false)]
[ValidateAntiForgeryToken]
public IActionResult Captcha(CaptchaModel model)
{
    var user = _page.User.AsFirewallUser();

    // 1. Make sure the page came from the web application
    if (_page.Referrer is null
        || !_fireWall.License.IsLicensedDomain(_page.Referrer)
        || !_page.Referrer.AbsolutePath.Contains("Captcha", StringComparison.Ordinal))
    {
        // If it was triggered by a search engine then ignore it, else flag it
        if (_page.User.IsSearchEngine != SearchEngine.NotSure)
        {
            user.UserType |= UserTypes.IsMalicious | UserTypes.IsUsingDeveloperTools;
        }
    }

    // 2. Make sure the user passed the simple test
    if (!ModelState.IsValid)
    {
        if (user.ModelBlockCount - model.ErrorCount > 3)
        {
            user.UserType |= UserTypes.IsMalicious;
        }
        return View(model);
    }

    // 3. Redirect to the blocked action, which shows the user an error
    //    message, if we discovered spoofing or other unwanted
    //    activities.
    if (_page.User.IsSpoofing()
        || user.UserType.HasFlag(UserTypes.IsMalicious)
        || user.UserType.HasFlag(UserTypes.IsUsingDeveloperTools))
    {
        return RedirectToActionPermanent("Blocked");
    }

    switch (user.UserType)
    {
        case UserTypes.IsHuman:
        case UserTypes.IsSearchEngine:
            // RedirectTo is posted by the client; model validation must
            // restrict it to trusted destinations.
            return Redirect(model.RedirectTo);
        case UserTypes.NotDiscovered:
            return View(model);
        default:
            return RedirectToAction("Blocked");
    }
}
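
The remark above expects a single view-model parameter whose validation feeds ModelState, and the sample redirects to model.RedirectTo. The following is an added example, not code from the manual or from Walter.Web.FireWall: a hypothetical ExampleCaptchaModel (the class name, the Answer property and all length and range limits are assumptions) that uses only standard System.ComponentModel.DataAnnotations validation, so that ModelState.IsValid is false whenever RedirectTo points outside the application.

```csharp
using System;
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;

// Hypothetical view model (not the manual's CaptchaModel): the single action
// parameter whose validation result ends up in ModelState.
public sealed class ExampleCaptchaModel : IValidatableObject
{
    // Answer typed by the visitor; the length limits are assumptions.
    [Required, StringLength(8, MinimumLength = 4)]
    public string Answer { get; set; } = string.Empty;

    // Where to send the visitor after a successful check.
    [Required, StringLength(2048)]
    public string RedirectTo { get; set; } = "/";

    // Failed attempts carried by the form, bounded to an assumed range.
    [Range(0, 100)]
    public int ErrorCount { get; set; }

    // Runs after the attribute checks pass; any result returned here
    // makes ModelState.IsValid false in the action.
    public IEnumerable<ValidationResult> Validate(ValidationContext validationContext)
    {
        if (!IsLocalPath(RedirectTo))
        {
            yield return new ValidationResult(
                "RedirectTo must be a path inside this application.",
                new[] { nameof(RedirectTo) });
        }
    }

    // Accept only rooted paths; reject absolute URLs, protocol-relative
    // ("//host") and backslash ("/\host") forms, and control characters.
    private static bool IsLocalPath(string value)
    {
        if (string.IsNullOrEmpty(value) || value[0] != '/')
            return false;
        if (value.Length > 1 && (value[1] == '/' || value[1] == '\\'))
            return false;
        foreach (var c in value)
            if (char.IsControl(c)) return false;
        return true;
    }
}
```
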

Inheritance Hierarchy


Walter.Web.FireWall.Filters.ProtectorBase
  Walter.Web.FireWall.Annotations.ActionProtectorAttribute