Click or drag to resize

HtmlHelperRequestVerificationToken Method

Generates a hidden form field (anti-forgery token) that is validated when the form is submitted.

Namespace: GSF.Web.Model
Assembly: GSF.Web (in GSF.Web.dll) Version: 2.4.218-beta
Syntax
public IEncodedString RequestVerificationToken()
View Source

Return Value

IEncodedString
The generated form field (anti-forgery token).
Remarks
The anti-forgery token can be used to help protect your application against cross-site request forgery. To use this feature, call the RequestVerificationToken method from a form and add the ValidateRequestVerificationTokenAttribute attribute to the action method that you want to protect setting FormValidation to true, for example:
C#
[HttpPost]
[ValidateRequestVerificationToken(FormValidation = true)]
[SuppressMessage("Security", "SG0016", Justification = "CSRF vulnerability handled via ValidateRequestVerificationToken.")]
public void ImportData(CancellationToken cancellationToken)
{
     PostData postData = Request.GetPostData();
     string myFieldValue = postData.FormData["MyField"];
}
See Also