HtmlHelperRequestVerificationToken Method

Generates a hidden form field (anti-forgery token) that is validated when the form is submitted.

Namespace: GSF.Web.Model
Assembly: GSF.Web (in GSF.Web.dll) Version: 2.4.282-beta

Syntax

C++

JavaScript

Copy

public IEncodedString RequestVerificationToken()

Public Function RequestVerificationToken As IEncodedString

public:
IEncodedString^ RequestVerificationToken()

member RequestVerificationToken : unit -> IEncodedString

function RequestVerificationToken();

View Source

Return Value

IEncodedString
The generated form field (anti-forgery token).

Remarks

The anti-forgery token can be used to help protect your application against cross-site request forgery. To use this feature, call the RequestVerificationToken method from a form and add the ValidateRequestVerificationTokenAttribute attribute to the action method that you want to protect setting FormValidation to true, for example:


            [HttpPost]
            [ValidateRequestVerificationToken(FormValidation = true)]
            [SuppressMessage("Security", "SG0016", Justification = "CSRF vulnerability handled via ValidateRequestVerificationToken.")]
            public void ImportData(CancellationToken cancellationToken)
            {
                 PostData postData = Request.GetPostData();
                 string myFieldValue = postData.FormData["MyField"];
            }

Reference

HtmlHelper Class

GSF.Web.Model Namespace