This section describes methods of acquiring user-supplied input, ways of interacting with the user's session, potentially dangerous APIs, and security-relevant configuration options on the ASP.NET platform.
ASP.NET applications acquire user-submitted input via the System.Web.HttpRequest class. This class contains numerous properties and methods that web applications can use to access user-supplied data. The APIs listed in Table 19-4 can be used to obtain data from the user request.
| API | Description |
|---|---|
| Params | Parameters within the URL query string, the body of a POST request, HTTP cookies, and miscellaneous server variables are stored as maps of string names to string values. This property returns a combined collection of all these parameter types. |
| Item | Returns the named item from within the Params collection. |
| Form | Returns a collection of the names and values of form variables submitted by the user. |
| QueryString | Returns a collection of the names and values of variables within the query string in the request. |
| ServerVariables | Returns a collection of the names and values of a large number of ASP server variables (akin to CGI variables). This includes the raw data of the request, query string, request method, HTTP Host header, and so on. |
| Headers | HTTP headers in the request are stored as a map of string names to string values and can be accessed using this property. ... |
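
As a code-review aid for the APIs above, the following added example (not from the original text) scans C# source for accesses to the HttpRequest properties shown in the table and reports which request data each access exposes. The function name, the regexes and the sample C# lines are constructed for illustration; `Request["name"]` is reported as Item because that property is the C# indexer.

```python
import re

# Properties from Table 19-4 above, mapped to the request data each exposes.
SOURCES = {
    "Params": "query string, POST body, cookies and server variables combined",
    "Form": "form variables",
    "QueryString": "query string variables",
    "ServerVariables": "server variables (raw request, method, Host header)",
    "Headers": "HTTP request headers",
}

# Request.<Property>, also matching HttpContext.Current.Request.<Property>.
PROP_RE = re.compile(r"\bRequest\s*\.\s*(" + "|".join(SOURCES) + r")\b")
# Request["name"]: the C# indexer is the Item property, which reads Params.
ITEM_RE = re.compile(r"\bRequest\s*\[")


def find_input_sources(source):
    """Return (line_number, property, data_exposed) per request-input access."""
    findings = []
    for number, line in enumerate(source.splitlines(), start=1):
        if line.lstrip().startswith("//"):
            continue  # whole-line comment; trailing comments are still scanned
        for match in PROP_RE.finditer(line):
            findings.append((number, match.group(1), SOURCES[match.group(1)]))
        if ITEM_RE.search(line):
            findings.append((number, "Item", SOURCES["Params"]))
    return findings


# Constructed C# sample, for demonstration only.
SAMPLE = """\
string id = Request.QueryString["id"];
string role = Request["role"];
// string old = Request.Form["old"];
string ua = Request.ServerVariables["HTTP_USER_AGENT"];
string both = Request.Params["a"] + Request.Form["b"];
string fwd = HttpContext.Current.Request.Headers["X-Forwarded-For"];
string path = this.RequestPath;
"""

if __name__ == "__main__":
    for number, prop, exposed in find_input_sources(SAMPLE):
        print(f"line {number}: Request.{prop} <- {exposed}")
```

Accesses reported as Params or Item deserve extra attention in review, since the value may have arrived in the query string, the POST body, a cookie or a server variable.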