asp.net-mvc Basic usage


Example

The @Html.AntiForgeryToken() helper method protects against cross-site request forgery (or CSRF) attacks.

It can be used by simply using the Html.AntiForgeryToken() helper within one of your existing forms and decorating its corresponding Controller Action with the [ValidateAntiForgeryToken] attribute.

Razor (YourView.cshtml)

@using (Html.BeginForm("Manage", "Account")) {
    @Html.AntiForgeryToken()  
    <!-- ... -->
}

OR

<form>
    @Html.AntiForgeryToken()
    <!-- ... -->
</form>

Controller (YourController.cs)

The target action method:

[ValidateAntiForgeryToken]
[HttpPost]
public ActionResult ActionMethod(ModelObject model)
{
    // ...
}