I have been facing serious problem with @Html.AntiForgeryToken() . I have a register controller which had a create view to create/register new members. For that reason I used a @Html.AntiForgeryTok...

ASP.NET MVC's AntiForgeryToken mechanism is based on the current HttpContext.User. It uses that value to construct the token when you call Html.AntiForgeryToken(). Basically it is OK (see an explan...

I just installed ASP.Net MVC 4 RC to replace ASP.Net MVC 4 beta. When trying to run an existing application I'm getting an error message that AntiForgeryToken has been deprecated. Here's my code: ...

I know that Stack Exchange sites do not use the ASP.NET MVC built-in @Html.AntiForgeryToken() for the prevention of XSRF/CSRF attacks. Instead of creating a hidden input named __RequestVerification...

I previously asked a question regarding this, got an interesting answer which got me on my way to, well asking more questions. So here is the next question in my journey to figure out the inner wor...

I am trying to implement AntiForgeryToken for my MVC3 Application. I am having a problem with AntiForgeryToken after setting FormAuthentication cookie. Here is a simple example which explains my pr...

I have an mvc2 app which is serving content through iframes. The iframed page is simply a form. It has a request validation token. Everything works well cross domain until a developer uses the Visu...

I'm creating a page that makes multiple AJAX form posts without a page refresh. I would like to use the ASP.NET MVC HTML.AntiForgeryToken() helper to secure the form against CSRF attacks. I think ...

UPD: Same question asked on security.stackexchange.com and the answer I got is different. Please follow there, to get the correct answer! I'm running a rather large site with thousands of visits e...

I'm working on improving the security of my company's website and wanted to create a token to prevent forgery attempts that could be easily maintained this is what I came up with. public class Ant...

I'm trying to protect an application (php and lots of JS) from CSRF. I want to use tokens. A lot of operations are done with AJAX, so I have to pass the token in Javascript. If I want to generate...

Using ASP.Net MVC v2.0, I am starting to research the use of the Html.AntiForgeryToken() method when submitting forms that process data. I can see it sets a hidden value in the form HTML and it set...