0

In my ASP.NET MVC controller, I accept a postback call to add error logs to my log file.

[HttpPost]
[AllowAnonymous]
public JsonResult AddError(string log)
{
    //add log to log file here
    ...
    ...
    ...
    return Json(new { Code = 0 });
}

This is to allow me to add any unhandled exception in the javascript to my log file. It will help to pinpoint if any problem arises.

This is also can be used by malicious people to put some crazy logs to the log file (eg. to bombard the website).

Is there a way or a technique to prevent this (ie. only allow my javascript to add the log)?

Thanks

marc_s
  • 732,580
  • 175
  • 1,330
  • 1,459
Sam
  • 1,826
  • 26
  • 58
  • You may want to check a similar question over at https://stackoverflow.com/questions/5328154/catch-all-javascript-errors-and-send-them-to-server. – junkangli May 17 '20 at 11:50
  • Hi junkangli, I am actually looking for a technique or the way to prevent anyone (ie. malicious person) to access the `AddError`. The link you provided is more how to add the log which is I am able to do :) – Sam May 18 '20 at 04:37
  • You need to secure your `AddError` API just like any Web API you have. – junkangli May 18 '20 at 07:40
  • Hi junkangli, it is secured. The problem is the javascript error can occur anywhere in the page (for logged in user or for not logged in user). Even if I forced to allow only logged in user can add the log, it doesn't prevent malicious user to register and login to the website and send an `AddError` request. Hence the question, is there a technique to overcome this problem? – Sam May 18 '20 at 13:00

0 Answers0