Anti-forgery tokens using HTML Form or Razor View

Anti-forgery tokens or request verification tokens are used in ASP.NET MVC to avoid CSRF attack. Anti-forgery tokens or request verification tokens help in preventing the CSRF attacks. The .Net framework has a built-in support to create and validate anti-forgery tokens. The @Html.AntiForgeryToken() method in the MVC Razor engine creates the anti-forgery tokens. The validation of an anti-forgery token can be achieved by decorating the controller or action with the [ValidateAntiForgeryToken] attribute.

How does an Anti-forgery token work?

Let's see how the server accepts or rejects a request based on the anti-forgery token. Given in the following are the steps that are involved in making the anti-forgery ...

Get ASP.NET Web API Security Essentials now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

ASP.NET Web API Security Essentials by Rajesh Gunasundaram

Anti-forgery tokens using HTML Form or Razor View

How does an Anti-forgery token work?

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly