Unauthorized controller method detected by a bot in ASP.NET MVC
Through my application log, I have noticed the following HttpException has been raised:
"A public action method 'MyMethod' was not found on controller 'MyApp.Controllers.MyController'"
Controller: "MyController", Action: "MyAction" (GET)
This is normal because MyAction is a POST method. But MyController can be accessed by authenticated users only, thanks to a controller filter overriding the HandleUnauthorizedRequest() method. Moreover, MyAction is called by Ajax from a Scripts file dedicated to authenticated functionalities.
(Please note that MyAction and MyController are not the real names, I have changed them here, and they are absolutely uncommon names which cannot be guessed without reading the JS file.)
I fear for my application security. How is it possible that the existence of this controller method has been detected by an unauthenticated user (which is a bot according to its IP address location)? What should I do to avoid that issue?
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
