HtmlHelperRequestVerificationToken Method

Generates a hidden form field (anti-forgery token) that is validated when the form is submitted.

Namespace: GSF.Web.Model
Assembly: GSF.Web (in GSF.Web.dll) Version: 2.4.207-beta

Syntax

C++

JavaScript

Copy

public IEncodedString RequestVerificationToken()

Public Function RequestVerificationToken As IEncodedString

public:
IEncodedString^ RequestVerificationToken()

member RequestVerificationToken : unit -> IEncodedString

function RequestVerificationToken();

View Source

Return Value

IEncodedString
The generated form field (anti-forgery token).

Remarks

The anti-forgery token can be used to help protect your application against cross-site request forgery. To use this feature, call the RequestVerificationToken method from a form and add the ValidateRequestVerificationTokenAttribute attribute to the action method that you want to protect setting FormValidation to true, for example:

Copy

[HttpPost]
[ValidateRequestVerificationToken(FormValidation = true)]
[SuppressMessage("Security", "SG0016", Justification = "CSRF vulnerability handled via ValidateRequestVerificationToken.")]
public void ImportData(CancellationToken cancellationToken)
{
     PostData postData = Request.GetPostData();
     string myFieldValue = postData.FormData["MyField"];
}

Reference

HtmlHelper Class

GSF.Web.Model Namespace