Cross-Site Request Forgery (CSRF) is a potential vulnerability in MVC applications. The best way to prevent this attack in an MVC application is to use an Anti-Forgery Token.
The Anti-Forgery Token is mainly used in form POST actions to verify the source of the POST data. In this method, for each page request, the web server sends a cookie to the client. When the client posts data or makes its next request, the web server uses this cookie to authenticate the client. If the request comes from an unauthorized site, the cookie will be null or invalid.
Adding [ValidateAntiForgeryToken] above the controller and @Html.AntiForgeryToken() in the view page can prevent cross-site request forgery.
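The following is an added example, not code from the original post: it places a POST action without the check next to one that carries [ValidateAntiForgeryToken], with the matching Razor view. It assumes ASP.NET MVC 5; AccountController, TransferModel and the action names are hypothetical.

```csharp
// Added example, not from the original post. Assumes ASP.NET MVC 5 (System.Web.Mvc).
// AccountController, TransferModel and both actions are hypothetical names.
using System.Web.Mvc;

public class TransferModel
{
    public string ToAccount { get; set; }
    public decimal Amount { get; set; }
}

public class AccountController : Controller
{
    // Renders the form; the view at the bottom emits the token.
    [HttpGet]
    public ActionResult Transfer()
    {
        return View(new TransferModel());
    }

    // Weak: state-changing POST with no token check, so the server cannot
    // tell a submission from its own form apart from a cross-site one.
    [HttpPost]
    public ActionResult TransferUnprotected(TransferModel model)
    {
        return Content("accepted without anti-forgery validation");
    }

    // Hardened: the filter throws HttpAntiForgeryException unless the
    // __RequestVerificationToken form field is present and matches the
    // anti-forgery cookie that was issued together with the form.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult Transfer(TransferModel model)
    {
        if (!ModelState.IsValid) return View(model);
        return RedirectToAction("Transfer");
    }
}

/* Views/Account/Transfer.cshtml:
@model TransferModel
@using (Html.BeginForm("Transfer", "Account", FormMethod.Post))
{
    @Html.AntiForgeryToken()
    @Html.TextBoxFor(m => m.ToAccount)
    @Html.TextBoxFor(m => m.Amount)
    <input type="submit" value="Send" />
}
*/
```

The attribute only validates; a form that omits @Html.AntiForgeryToken() will have its own legitimate posts rejected, so the two must be deployed together.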
Read the rest of the post here: http://www.codeproject.com/Tips/819077/Prevent-MVC-application-from-Cross-Site-Request-Fo