What is the Antiforgerytoken?

Asked

Viewed 12,475 times

28

What is the AntiForgeryToken and what it serves as in an ASP.NET MVC application?

c# asp.net-mvc .net security-guard

2 answers

30


Is a method which generates and inserts into the HTML generated in view a code to prevent data sending to the server from being falsified.

When using this method he inserts something like this:

<input name="__RequestVerificationToken" type="hidden"
    value="saTFWpkKN0BYazFtN6c4YbZAmsEwG0srqlUqqloi/fVgeV2ciIFVmelvzwRZpArs" />

I put in the Github for future reference.

When the form is sent with this code it is possible to validate whether it was generated by the current session. The attribute ValidateAntiForgeryToken is used to validate in the controller.

It solves some types of attack like CSRF, but not all.

  • 1

    Sensational @bigown every day more learning from your answers.

  • Validateantiforgerytoken makes sense to use in a Web Api?

7

In case you need to pass the information via AJAX with jQuery can do so:~

var token = $('input[name="__RequestVerificationToken"]', form).val();

$.ajax({
    url: "/Controller/Action",
    type: "POST",
    data: {
        __RequestVerificationToken: token,
        IdAnuncio: $("#IdAnuncio").val(),
        Quantidade: quantidade,
        ValorCompra: valorCompra.toFixed(2)
    },
    success: function (data, textStatus, xhr) {
    }
});

Browser other questions tagged c# asp.net-mvc .net security-guard

You are not signed in. Login or sign up in order to post.