On reading about preventing cross-site request forgeries in webforms many authors use statements like this:
To use the ViewStateUserKey property within the Viewstate to protect against spoofed post backs. Add the following in the OnInit virtual method of the Page-derived class (This property must be set in the Page.Init event).
protected override OnInit(EventArgs e) {
base.OnInit(e);
if (User.Identity.IsAuthenticated)
ViewStateUserKey = Session.SessionID; }
The following keys the Viewstate to an individual using a unique value of your choice.
(Page.ViewStateUserKey)
This must be applied in Page_Init because the key has to be provided to ASP.NET before Viewstate is loaded. This option has been available since ASP.NET 1.1
I have tried to put the above one in Base page, where all pages are deriving from that page But I am getting error like OnInit must return value
this is my code
public class BasePage : System.Web.UI.Page
{
protected override OnInit(EventArgs e) {
base.OnInit(e);
if (User.Identity.IsAuthenticated)
ViewStateUserKey = Session.SessionID; }
}
Many thanks in advance
The OnInit declaration is missing the return type void.
protected override void OnInit(EventArgs e)