I have separate frontend project in Angular 2 without using MVC and backend project is Web Api (Asp.Net Core) both are hosted on different domain. I implemented AntiForgery token functionality but ...

I have implemented antiforgery token on my login page. Now I had one user pressing back key on the keyboard, and when they click on login button again after filling their credentials, they get er...

I'm making JSON-based AJAX requests and, with MVC controllers have been very grateful to Phil Haack for his Preventing CSRF with AJAX and, Johan Driessen's Updated Anti-XSRF for MVC 4 RC. But, as I...

I am using JQuery with ASP.NET Core 1.0.1 and I have the Ajax call: $("#send-message").on("submit", function (event) { event.preventDefault(); var $form = $(this); $.ajax({ url: "api/messages...

I am using the code as below of this post: First I will fill an array variable with the correct values for the controller action. Using the code below I think it should be very straightforward by...

Visual Studio 2017 with Web Api using .net Core 1.1 I'm using, but I am getting a 400 Bad Request Error. Error Occurs in every way: Angular http Fiddler Postman SoapUI Swagger ASP.NET Web AP...

If the answer is yes then how would ASP.NET MVC find out that which token was linked to which form and how to validate it? I've seen it is creating two separate tokens for each form.

I am developing a web API app running using asp.net core2 and Angular. The detailed development environment config is here. I am trying to configure AntiForgeryToken validation but it keeps failing...

I wonder how does ASP.NET check if an anti-forgery token is valid or not? Like where is ASP.NET storing those tokens? And how are they stored?

A single Razor view contains several forms, each with its own call to @Html.AntiForgeryToken() <form id="f1"> @Html.AntiForgeryToken() </form> <form id="f2"> @Html.AntiForgery...

I was trying to use ValidateAntiForgeryToken in .Net Core but I was getting .AspNetCore.Antiforgery.xxxxxxx cookie is missing. What is this .AspNetCore.Antiforgery.xxxxxxx cookie?

I've recently put Live a web application which was built using MVC 4 and Entity Framework 5. The MVC application uses Razor Views. I noticed using Elmah that when users are logging into the applic...

I have a single-page app (user loads a bunch of HTML/JS and then makes AJAX requests without another call to MVC - only via WebAPI). In WebAPI I have the following: public sealed class WebApiValid...

We use ASP.NET MVC's default Antiforgery technique. Recently a security company did a scan of a form and made note that they could use the same _RequestVerificationToken combination (cookie + hidde...

I have been trying to recreate an Ajax version of the ValidateAntiForgeryToken - there are many blog posts on how to do this for previous versions of MVC, but with the latest MVC 6, none of the cod...

In previous version of ASP.NET during SPA application the idea of AntiForgey token was following: add @Html.AntiForgeryToken(); on the page add __RequestVerificationToken to the request ovverride...

I works on an Asp.net MVC 5 project and know there is 2 way to pass the AntiForgeryToken to the server in ajax calls: Put it in Header Put it in Data I like putting AntiForgeryToken in reques...

I'm occasionally getting this error during normal use, and I've not found a way to stop it without removing the attribute that requires the token, which I'd rather not do. I've gotten this bug dur...

I am working on an ASP.NET MVC application on my local machine using the Visual Studio 2012 built in IISExpress. After a significant progress I decided to make it available across the Local network...

I want to have the MVC project on www.example1.com WebApi project on api.example2.com I want to restrict the access to WebApi. I've tried to implement the Anti-Forgery Token: When I create the ...

I'm working on ASP.NET MVC5 project which has forms authentication enabled. Project is currently in test phase, and hosted online on Azure, but project owner would like to disable all public access...

How to use Anti-Forgery Token With ASP.NET Web API without ASP.NET MVC? Stephen Walther has this article of "Preventing Cross-Site Request Forgery Attacks with ASP.NET MVC" in http://stephenwalthe...

I have recently started exploring Clojure and I wanted to set up a simple web app with basic CRUD functionality. I found a nice tutorial here: http://www.xuan-wu.com/2013-09-21-Basic-Web-Applicatio...

I just did a quick test with a simple ASP.NET MVC 3 sample by modifying default LogOn form. According to this article, both hidden field __RequestVerificationToken and cookies __RequestVerification...

Is @Html.AntiForgeryToken() still required in ASP.NET .NET4.6 vNext? The form decorations have changed to <form asp-controller="Account" asp-action="Login" asp-route-returnurl="@ViewBag.R...