asp.net-mvc Html.AntiForgeryToken


Introduction

The anti-forgery token can be used to help protect your application against cross-site request forgery. To use this feature, call the AntiForgeryToken method from a form and add the ValidateAntiForgeryTokenAttribute attribute to the action method that you want to protect.

Html.AntiForgeryToken() generates a hidden form field (the anti-forgery token) that is validated when the form is submitted.

Syntax

  • @Html.AntiForgeryToken()

Remarks

When submitting an AJAX request with the CSRF token (__RequestVerificationToken), make sure that the content type is not set to application/json: the token is validated as a posted form field, so it has to arrive in a form-encoded body. If you are using jQuery, it sets the content type to application/x-www-form-urlencoded by default, which ASP.NET MVC recognises.
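The request shape the remark above calls for, as an added example that is not part of the original page: the token from the hidden field is sent as an ordinary form-encoded field next to the other values. The helper names, the /Orders/Create form and the token value are assumptions made up for illustration.

```javascript
// Added example. readAntiForgeryToken, buildProtectedPost and the
// /Orders/Create form are hypothetical; the token value is constructed.
const TOKEN_FIELD = "__RequestVerificationToken";

// Constructed sample of the markup @Html.AntiForgeryToken() emits in a form.
const SAMPLE_FORM_HTML =
  '<form action="/Orders/Create" method="post">' +
  '<input name="__RequestVerificationToken" type="hidden" value="CONSTRUCTED-TOKEN+/=" />' +
  '<input name="Quantity" type="text" value="3" /></form>';

// Pulls the hidden field's value out of markup. In a browser, read it from
// the DOM instead: document.querySelector('input[name="..."]').value
function readAntiForgeryToken(html) {
  const re = new RegExp('<input[^>]*name="' + TOKEN_FIELD + '"[^>]*value="([^"]*)"');
  const match = re.exec(html);
  if (!match) throw new Error("anti-forgery token field not found");
  return match[1];
}

// Builds fetch()-style options for a POST the server can validate:
// a form-encoded body carrying the token as an ordinary field, never JSON.
function buildProtectedPost(token, fields) {
  if (!token) throw new Error("missing anti-forgery token");
  const body = new URLSearchParams();
  body.append(TOKEN_FIELD, token);
  for (const [name, value] of Object.entries(fields)) {
    // Nested objects would serialize as "[object Object]"; reject them
    // rather than silently posting garbage or falling back to JSON.
    if (value !== null && typeof value === "object") {
      throw new TypeError('field "' + name + '" must be a scalar value');
    }
    body.append(name, value == null ? "" : String(value));
  }
  return {
    method: "POST",
    credentials: "same-origin", // browser attaches the site's cookies
    headers: { "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8" },
    body: body.toString(), // percent-encodes characters such as + / =
  };
}

const demoRequest = buildProtectedPost(readAntiForgeryToken(SAMPLE_FORM_HTML), {
  Quantity: 3,
  Note: "two words",
});
console.log(demoRequest.headers["Content-Type"]);
console.log(demoRequest.body);
```

The returned object can be passed as the second argument to fetch(); the action receiving it still needs the ValidateAntiForgeryToken attribute described in the introduction.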

Caution

Use caution when setting this value. Using it improperly can open security vulnerabilities in the application.


