Posts

Showing posts from February, 2018

Adding ASP.NET MVC Anti-Forgery Tokens To All Post Requests Globally

Image
This post is how to implement anti forgery validation with ASP.NET MVC. The anti-forgery token can be used to help protect your application against cross-site request forgery. To use this feature, call the AntiForgeryToken method from a form and add the ValidateAntiForgeryTokenAttribute attribute to the action method that you want to protect. It'll be always good to avoid repetitive coding, especially when the framework is flexible enough to avoid it. Below is my solution to to create a flexible solution to validate all post operations.   Next step will be to register the above filter globally with GlobalFilterCollection in Global.asax: All of our post operations are now checked for forgery; however, this will fail because we haven’t added our token globally. To enable AntiForgeryToken in client side, I added a   @Html.AntiForgeryToken()   element in the   Index.cshtml   file. You can do it   _layout.cshtml   as well. This will render the...