28
What is the AntiForgeryToken
and what it serves as in an ASP.NET MVC application?
28
What is the AntiForgeryToken
and what it serves as in an ASP.NET MVC application?
30
Is a method which generates and inserts into the HTML generated in view a code to prevent data sending to the server from being falsified.
When using this method he inserts something like this:
<input name="__RequestVerificationToken" type="hidden"
value="saTFWpkKN0BYazFtN6c4YbZAmsEwG0srqlUqqloi/fVgeV2ciIFVmelvzwRZpArs" />
I put in the Github for future reference.
When the form is sent with this code it is possible to validate whether it was generated by the current session. The attribute ValidateAntiForgeryToken
is used to validate in the controller.
It solves some types of attack like CSRF, but not all.
7
In case you need to pass the information via AJAX with jQuery can do so:~
var token = $('input[name="__RequestVerificationToken"]', form).val();
$.ajax({
url: "/Controller/Action",
type: "POST",
data: {
__RequestVerificationToken: token,
IdAnuncio: $("#IdAnuncio").val(),
Quantidade: quantidade,
ValorCompra: valorCompra.toFixed(2)
},
success: function (data, textStatus, xhr) {
}
});
Browser other questions tagged c# asp.net-mvc .net security-guard
You are not signed in. Login or sign up in order to post.
Sensational @bigown every day more learning from your answers.
– Marconi
Validateantiforgerytoken makes sense to use in a Web Api?
– Ricardo