asp.net-mvc Html.AntiForgeryToken


Introduction

The anti-forgery token can be used to help protect your application against cross-site request forgery. To use this feature, call the AntiForgeryToken method from a form and add the ValidateAntiForgeryTokenAttribute attribute to the action method that you want to protect.

Generates a hidden form field (anti-forgery token) that is validated when the form is submitted.

Syntax

  • @Html.AntiForgeryToken()

Remarks

When submitting an AJAX request with the CSRF token (__RequestVerificationToken), make sure that the content type is not set to application/json. If you are using jQuery, it automatically sets the content type to application/x-www-form-urlencoded, which ASP.NET MVC then recognises.
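The request shape described in the Remarks, as an added JavaScript example that is not from the original page: it reads the token from the hidden field, sends it as a URL-encoded form field, and flags a request that was switched to application/json. The helper names (extractToken, buildPost, checkRequest), the sample markup, the /Profile/Edit path and the token value are all constructed for illustration.

```javascript
// Added example; helper names and sample data are constructed for illustration.
const TOKEN_FIELD = "__RequestVerificationToken";

// Constructed markup in the shape @Html.AntiForgeryToken() renders inside a form.
const SAMPLE_FORM =
  '<form action="/Profile/Edit" method="post">' +
  '<input name="__RequestVerificationToken" type="hidden" value="CONSTRUCTED-token_123" />' +
  "</form>";

// Read the token from the hidden field. In a browser, use
// document.querySelector('input[name="__RequestVerificationToken"]').value instead;
// a regex is used here only so the example runs without a DOM.
function extractToken(html) {
  const tag = html.match(new RegExp(`<input[^>]*name="${TOKEN_FIELD}"[^>]*>`, "i"));
  const value = tag && tag[0].match(/value="([^"]*)"/i);
  if (!value) throw new Error("anti-forgery field not found in form markup");
  return value[1];
}

// Build fetch()-style options with the token sent as an ordinary form field.
function buildPost(token, fields) {
  const body = new URLSearchParams({ ...fields, [TOKEN_FIELD]: token });
  return {
    method: "POST",
    headers: { "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8" },
    credentials: "same-origin", // the anti-forgery cookie has to accompany the field
    body: body.toString(),
  };
}

// Pre-flight check for the mistake described in the Remarks: returns a list of
// problems that would keep the token from being read as a form field.
function checkRequest(options) {
  const header = options.headers["Content-Type"] || "";
  const type = header.split(";")[0].trim().toLowerCase();
  if (type === "application/json") {
    return ["content type is application/json, so the token is not a form field"];
  }
  const hasToken = new URLSearchParams(options.body).get(TOKEN_FIELD);
  return hasToken ? [] : ["request body has no " + TOKEN_FIELD + " field"];
}
```

With jQuery, the same fields object (token included) is passed as the `data` option of `$.ajax` with `contentType` left at its default.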

Caution

Use caution when setting this value. Using it improperly can open security vulnerabilities in the application.