Thursday, July 16, 2015

Preventing Cross-site Request Forgery attacks in ASP.NET MVC

If you were using releases of ASP.NET MVC older than MVC 4, you may not know about the additional measure to prevent Cross-site Request Forgery attacks that was introduced with ASP.NET MVC 4.

Fortunately, implementing this functionality in your MVC 4 and MVC 5 Web Applications is relatively simple to accomplish!

In your ASP.NET MVC Razor Views, add the following HTML Helper inside the Razor Form, at the top:

@Html.AntiForgeryToken()

Then, in your MVC Controller, add the following attribute to the [HttpPost] action method:

[ValidateAntiForgeryToken]

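Your resulting [HttpPost] method should therefore look something like this:

[HttpPost]
[ValidateAntiForgeryToken]
// Hypothetical action: the name and parameter are placeholders for your own.
public ActionResult Save(FormCollection form) { return RedirectToAction("Index"); }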

That is all that is required to prevent Cross-site Request Forgery attacks in ASP.NET MVC!!
