Prevent an MVC Application from CSRF

CSRF, or Cross-Site Request Forgery, is a potential vulnerability in MVC applications. The best way to prevent it in an ASP.NET MVC application is to use an anti-forgery token.

The anti-forgery token is mainly used on form POST actions to verify that the POST came from a page the application itself served. When a page containing a form is rendered, the server issues the token in two places: a cookie (__RequestVerificationToken) sent to the client, and a hidden field of the same name inside the form. When the form is posted, the server checks that the hidden field and the cookie are both present and match. A request forged from another site carries the victim's cookie automatically, but the attacker's page cannot read or include the hidden field, so the cookie and field do not match, validation fails, and the action does not run. Note that this verifies the origin of the request, not the identity of the user; authentication is still handled separately.

Adding [ValidateAntiForgeryToken] above the action method (the POST action that changes state, not the GET that renders the form) and @Html.AntiForgeryToken() inside the form in the view page prevents cross-site request forgery for that action.
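The pattern end to end in ASP.NET MVC 5, as an added example that is not part of the original post. The controller, action, model and view path names (AccountController, ChangeEmail, ChangeEmailModel, Views/Account/ChangeEmail.cshtml) are hypothetical, chosen for illustration; the attributes and helpers are the framework's own.

```csharp
// Added example (not from the original post): an ASP.NET MVC 5 controller
// whose state-changing action is protected by the anti-forgery token.
// AccountController, ChangeEmail and ChangeEmailModel are hypothetical names.
using System.ComponentModel.DataAnnotations;
using System.Web.Helpers;
using System.Web.Mvc;

public class ChangeEmailModel
{
    [Required, EmailAddress]
    public string NewEmail { get; set; }
}

[Authorize]
public class AccountController : Controller
{
    // GET only renders the form. It must not change any state, because
    // [ValidateAntiForgeryToken] is not applied here and a GET can be
    // triggered cross-site by a plain <img> or link.
    [HttpGet]
    public ActionResult ChangeEmail()
    {
        return View(new ChangeEmailModel());
    }

    // POST is the state-changing request, so it is the one to protect.
    // [ValidateAntiForgeryToken] checks that the hidden form field and the
    // __RequestVerificationToken cookie are both present and match. A forged
    // cross-site form cannot read the hidden field, so the check throws
    // HttpAntiForgeryException before this method body runs.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult ChangeEmail(ChangeEmailModel model)
    {
        if (!ModelState.IsValid)
        {
            return View(model);
        }

        // Hypothetical persistence step for the signed-in user.
        UpdateEmailForUser(User.Identity.Name, model.NewEmail);
        return RedirectToAction("Index", "Home");
    }

    // Turn a failed token check into a 400 instead of an unhandled error page.
    protected override void OnException(ExceptionContext filterContext)
    {
        if (filterContext.Exception is HttpAntiForgeryException)
        {
            filterContext.Result = new HttpStatusCodeResult(400, "Invalid anti-forgery token");
            filterContext.ExceptionHandled = true;
            return;
        }
        base.OnException(filterContext);
    }

    // Hypothetical data-access helper; replace with the real store.
    private static void UpdateEmailForUser(string userName, string newEmail)
    {
        // e.g. repository.SetEmail(userName, newEmail);
    }
}

/* Razor view at the hypothetical path Views/Account/ChangeEmail.cshtml.
   @Html.AntiForgeryToken() emits the hidden __RequestVerificationToken
   field and sets the matching cookie on the response.

@model ChangeEmailModel
@using (Html.BeginForm("ChangeEmail", "Account", FormMethod.Post))
{
    @Html.AntiForgeryToken()   @* hidden field + cookie *@
    @Html.LabelFor(m => m.NewEmail)
    @Html.TextBoxFor(m => m.NewEmail)
    @Html.ValidationMessageFor(m => m.NewEmail)
    <button type="submit">Save</button>
}
*/
```

Two caveats worth keeping in mind. First, the attribute protects only the actions it is applied to, so every POST, PUT or DELETE action that changes state needs it (or a global filter), and GET actions must never change state. Second, requests sent via JavaScript rather than a form post still need the token: read the hidden field's value on the page and send it as a form field or a header that the server-side check reads, otherwise the same HttpAntiForgeryException is raised for legitimate requests.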
