If you were using releases of ASP.NET MVC older than MVC 4, you may not know about the additional measure to prevent Cross-site Request Forgery attacks that was introduced with ASP.NET MVC 4.
Fortunately, implementing this functionality in your MVC 4 and MVC 5 Web Applications is relatively simple to accomplish!
In your ASP.NET MVC Razor Views, you simply add the following HTML Helper to the top of the Razor Form:
@Html.AntiForgeryToken()
Then in your MVC Controller for the [HttpPost] action method, you add the following attribute:
[ValidateAntiForgeryToken]
Your resulting [HttpPost] method should therefore look something like this:
[HttpPost]
[ValidateAntiForgeryToken]
That is all that is required to prevent Cross-site Request Forgery attacks in ASP.NET MVC!!
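The view helper and the controller attribute described above, put together as one form and its action pair. This is an added example, not code from the original post; `AccountController`, `ChangeEmailModel`, the `ChangeEmail` action and the `Home`/`Index` redirect target are hypothetical names.

```csharp
// Added example; controller, model, action and redirect names are hypothetical.
using System.Web.Mvc;

// Views/Account/ChangeEmail.cshtml (Razor view, shown here as a comment):
//
//   @model ChangeEmailModel
//   @using (Html.BeginForm("ChangeEmail", "Account", FormMethod.Post))
//   {
//       @Html.AntiForgeryToken()   @* hidden field __RequestVerificationToken plus a matching cookie *@
//       @Html.TextBoxFor(m => m.NewEmail)
//       <input type="submit" value="Save" />
//   }

public class ChangeEmailModel
{
    public string NewEmail { get; set; }
}

public class AccountController : Controller
{
    // GET only renders the form and changes no state, so it carries no token check.
    [HttpGet]
    public ActionResult ChangeEmail()
    {
        return View(new ChangeEmailModel());
    }

    // POST changes state. [ValidateAntiForgeryToken] compares the posted
    // __RequestVerificationToken field with the cookie before the action body runs;
    // if either is missing or they do not match, MVC throws HttpAntiForgeryException.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult ChangeEmail(ChangeEmailModel model)
    {
        if (!ModelState.IsValid)
        {
            return View(model); // re-render the form; the helper issues the token field again
        }

        // Hypothetical: persist model.NewEmail for the signed-in user here.
        return RedirectToAction("Index", "Home");
    }
}
```

The attribute protects only the action it decorates, so every state-changing [HttpPost] action needs it, and every form posting to such an action needs the helper.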