We need to add the [ValidateAntiForgeryToken] attribute before our action, and we also need to add @Html.AntiForgeryToken() inside our form.
We don't need the [ValidateAntiForgeryToken] attribute on GET actions. The attribute makes sure that a POST request comes from a page that was generated by our application. The attack it guards against is called cross-site request forgery (CSRF). When we use the attribute together with the token in the form, forged requests are rejected.
Controller:
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public ActionResult Login(UserLogin userlogin)
{
    // Check login here. The action body runs only if the token was valid.
    return View(userlogin);
}
The View:
@using (Html.BeginForm("Login", "Admin", FormMethod.Post))
{
    @* Writes the hidden token field and sets the matching cookie *@
    @Html.AntiForgeryToken()
    <input name="..." type="text" />
}
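The attribute protects only the actions that carry it, so a POST action added later without it is left open. The filter below is an added example, not code from the original article: it validates the token on every request whose method is not GET, HEAD, OPTIONS or TRACE. The class name and the header name are assumptions chosen for illustration; the AntiForgery and AntiForgeryConfig calls are from System.Web.Helpers.

```csharp
using System;
using System.Web;
using System.Web.Helpers;
using System.Web.Mvc;

// Added example (hypothetical class name). Registered globally, it checks the
// anti-forgery token on every state-changing request, so an action that lacks
// [ValidateAntiForgeryToken] is still covered.
public sealed class ValidateAntiForgeryOnUnsafeMethodsAttribute
    : FilterAttribute, IAuthorizationFilter
{
    // Assumption: AJAX callers copy the hidden field value into this header.
    private const string HeaderName = "X-Request-Verification-Token";

    public void OnAuthorization(AuthorizationContext filterContext)
    {
        if (filterContext == null) throw new ArgumentNullException("filterContext");

        HttpRequestBase request = filterContext.HttpContext.Request;

        // GET actions do not need the token, as long as they change nothing.
        if (IsSafeMethod(request.HttpMethod)) return;

        string headerToken = request.Headers[HeaderName];
        if (string.IsNullOrEmpty(headerToken))
        {
            // Form post: compares the cookie with the __RequestVerificationToken
            // field written by @Html.AntiForgeryToken(). Throws
            // HttpAntiForgeryException when either is missing or they do not match.
            AntiForgery.Validate();
        }
        else
        {
            // AJAX post: the token travels in a header instead of a form field.
            HttpCookie cookie = request.Cookies[AntiForgeryConfig.CookieName];
            AntiForgery.Validate(cookie != null ? cookie.Value : null, headerToken);
        }
    }

    private static bool IsSafeMethod(string method)
    {
        return string.Equals(method, "GET", StringComparison.OrdinalIgnoreCase)
            || string.Equals(method, "HEAD", StringComparison.OrdinalIgnoreCase)
            || string.Equals(method, "OPTIONS", StringComparison.OrdinalIgnoreCase)
            || string.Equals(method, "TRACE", StringComparison.OrdinalIgnoreCase);
    }
}

// Registration, e.g. in Application_Start:
// GlobalFilters.Filters.Add(new ValidateAntiForgeryOnUnsafeMethodsAttribute());
```

Every form that posts to the application still needs @Html.AntiForgeryToken(); with the filter registered, a form without it fails with HttpAntiForgeryException instead of being silently accepted.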