Welcome...



...All those moments will be lost in time, like tears in rain....

- soliloquy from Blade Runner


Bits and bytes do get lost, awash in the rain of data flow that is Internet. They slip away from us, never to found again... some of them will be captured here, many more will not... like tears in rain...



Wednesday, June 5, 2013

Anti forgery token

 Premise is simple - you need token to verify that this is you who is posting to the page and not somebody else posting for you.

 Token is written to the form and to the cookie using HtmlHelper.AntiForgeryToken() helper, and when form is posted, controller will validate the token for the post action that has token validation attribute enabled:
 
[HttpPost]
[ValidateAntiForgeryToken(Salt = Constants.AntiForgeryTokenSalt)]

 There is a great article by Scott Gu about it:

http://weblogs.asp.net/dixin/archive/2010/05/22/anti-forgery-request-recipes-for-asp-net-mvc-and-ajax.aspx


No comments:

Post a Comment