Tutorial by Examples

The @Html.AntiForgeryToken() helper method protects against cross-site request forgery (or CSRF) attacks. It can be used by simply using the Html.AntiForgeryToken() helper within one of your existing forms and decorating its corresponding Controller Action with the [ValidateAntiForgeryToken] attri...

Often times you will see an exception Anti forgery token is meant for user "" but the current user is "username" This is because the Anti-Forgery token is also linked to the current logged-in user. This error appears when a user logs in but their token is still linked to bein...

Due to the vulnerability caused by CSRF, it is generally considered a good practice to check for an AntiForgeryToken on all HttpPosts unless there is a good reason to not do it (some technical issue with the post, there is another authentication mechanism and/or the post does not mutate state like s...

We may forget to apply the Antiforgery attribute for each POST request so we should make it by default. This sample will make sure Antiforgery filter will always be applied to every POST request. Firstly create new AntiForgeryTokenFilter filter: //This will add ValidateAntiForgeryToken Attribute t...

First off you create the form @using (Html.BeginForm()) { @Html.AntiForgeryToken() } Action Method [HttpPost] [ValidateAntiForgeryToken] public ActionResult Test(FormViewModel formData) { // ... } Script <script src="https://code.jquery.com/jquery-1.12.4.min.js"&g...