|
HtmlHelperRequestVerificationToken Method
|
Generates a hidden form field (anti-forgery token) that is validated when the form is submitted.
Namespace: GSF.Web.ModelAssembly: GSF.Web (in GSF.Web.dll) Version: 2.4.218-beta
Syntax public IEncodedString RequestVerificationToken()
Public Function RequestVerificationToken As IEncodedString
public:
IEncodedString^ RequestVerificationToken()
member RequestVerificationToken : unit -> IEncodedString
function RequestVerificationToken();
View SourceReturn Value
IEncodedStringThe generated form field (anti-forgery token).
Remarks
The anti-forgery token can be used to help protect your application against cross-site request
forgery. To use this feature, call the RequestVerificationToken method from a form and add the
ValidateRequestVerificationTokenAttribute attribute to the action method that you
want to protect setting
FormValidation
to
true, for example:
[HttpPost]
[ValidateRequestVerificationToken(FormValidation = true)]
[SuppressMessage("Security", "SG0016", Justification = "CSRF vulnerability handled via ValidateRequestVerificationToken.")]
public void ImportData(CancellationToken cancellationToken)
{
PostData postData = Request.GetPostData();
string myFieldValue = postData.FormData["MyField"];
}
See Also