The anti-forgery token can be used to help protect your application against cross-site request forgery. To use this feature, call the AntiForgeryToken method from a form and add the ValidateAntiForgeryTokenAttribute attribute to the action method that you want to protect.
Generates a hidden form field (anti-forgery token) that is validated when the form is submitted.
When submitting an AJAX request with a CSRF token (__RequestVerificationToken), make sure that the content type is not set to application/json. If you are using jQuery, it automatically sets the content type to application/x-www-form-urlencoded, which is then recognised by ASP.NET MVC.
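The AJAX case described above, as an added example that is not part of the original page: it reads the token from the hidden field and sends it as a form-urlencoded field rather than in a JSON body. The helper names, the URL and the form fields are assumptions made for illustration.

```javascript
// Added example, not code from the original page.
// Assumes the form was rendered with the AntiForgeryToken helper, which emits
// a hidden input named __RequestVerificationToken.
const TOKEN_FIELD = "__RequestVerificationToken";

// Read the token from the hidden field. `root` is a document or form element
// (anything that exposes querySelector).
function readAntiForgeryToken(root) {
  const input = root.querySelector(`input[name="${TOKEN_FIELD}"]`);
  if (!input || !input.value) {
    // Fail closed: do not send a state-changing request without the token.
    throw new Error("anti-forgery token field not found in form");
  }
  return input.value;
}

// Build fetch() options that carry the token as a form field, so the server
// finds it in the posted form data (it would not if the body were JSON).
function buildProtectedPost(token, fields) {
  const body = new URLSearchParams();
  for (const [name, value] of Object.entries(fields)) {
    if (name === TOKEN_FIELD) continue; // caller data must not override the token
    body.append(name, String(value));
  }
  body.append(TOKEN_FIELD, token);
  return {
    method: "POST",
    credentials: "same-origin", // send cookies with the request
    headers: {
      "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",
    },
    body: body.toString(), // URLSearchParams percent-encodes '+', '/', '='
  };
}

// Hypothetical browser usage (selector, URL and field name are placeholders):
// const form = document.querySelector("#transfer-form");
// fetch("/Account/Transfer",
//       buildProtectedPost(readAntiForgeryToken(form), { amount: 10 }));
```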
Use caution when setting this value. Using it improperly can open security vulnerabilities in the application.