The anti-forgery token can be used to help protect your application against cross-site request forgery. To use this feature, call the AntiForgeryToken method from a form and add the ValidateAntiForgeryTokenAttribute attribute to the action method that you want to protect.
Generates a hidden form field (anti-forgery token) that is validated when the form is submitted.
When submitting an AJAX request with the CSRF token (__RequestVerificationToken), make sure that the content type is not set to application/json. If you are using jQuery, it automatically sets the content type to application/x-www-form-urlencoded, which is then recognised by ASP.NET MVC.
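The AJAX rule above, as an added example that is not part of the original page: it builds a form-encoded POST carrying the token and rejects a caller-supplied JSON content type. It uses fetch()-style options instead of jQuery; the function names are hypothetical and only the field name __RequestVerificationToken comes from the page.

```javascript
// Added example. Field name is from the page; helper names are hypothetical.
const TOKEN_FIELD = "__RequestVerificationToken";
const FORM_TYPE = "application/x-www-form-urlencoded";

// Read the token from the hidden input rendered by the AntiForgeryToken helper.
// `root` is a document or form element (anything exposing querySelector).
function readAntiForgeryToken(root) {
  const input = root.querySelector('input[name="' + TOKEN_FIELD + '"]');
  if (!input || !input.value) {
    throw new Error("anti-forgery token field not found");
  }
  return input.value;
}

// Build fetch() options that send the token as a form field.
// A caller-supplied Content-Type other than the form type is rejected,
// because the token would then not arrive as a form field.
function buildProtectedPost(token, fields, headers = {}) {
  const cleaned = {};
  for (const [name, value] of Object.entries(headers)) {
    if (name.toLowerCase() !== "content-type") {
      cleaned[name] = value;
    } else if (!String(value).toLowerCase().startsWith(FORM_TYPE)) {
      throw new Error("token must be posted as " + FORM_TYPE + ", not " + value);
    }
  }
  if (Object.prototype.hasOwnProperty.call(fields, TOKEN_FIELD)) {
    throw new Error("caller must not supply " + TOKEN_FIELD);
  }
  const body = new URLSearchParams(fields); // percent-encodes names and values
  body.append(TOKEN_FIELD, token);
  return {
    method: "POST",
    credentials: "same-origin", // cookies go to the page's own origin only
    headers: { ...cleaned, "Content-Type": FORM_TYPE + "; charset=UTF-8" },
    body: body.toString(),
  };
}

// Browser usage (the URL is a constructed placeholder):
//   const token = readAntiForgeryToken(document);
//   fetch("/Items/Create", buildProtectedPost(token, { title: "x" }));
```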
Use caution when setting this value. Using it improperly can open security vulnerabilities in the application.