We need to add [ValidateAntiForgeryToken] attribute before our action. And also should add @Html.AntiForgeryToken() in our form.
We don't need to use [ValidateAntiForgeryToken] attribute for the GET actions. Use POST request from page which was generated by our application. This attack called cross site request forgeries. When we use It will prevent from forgeries.
Controller:
[HttpPost][AllowAnonymous][ValidateAntiForgeryToken]public ActionResult Login(UserLogin userlogin){<!--/ Check Login -->}
The View:
@using (@Html.BeginForm("Login", "Admin", FormMethod.Post)){@Html.AntiForgeryToken()<input name="..." type="text" />}
Post your comments / questions
Recent Article
- SOLVED-Bootstrap 3 Glyphicons are not working
- Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
- Unable to update the EntitySet 'table' because it has DefiningQuery and no DeleteFunction element exists in the ModificationFunctionMapping
- How to save the web page’s content and save into a string variable in c#?
- The model item passed into the dictionary is of type System.Linq.OrderedEnumerable but this dictionary requires a model item of type System.Collections.Generic.IList
- How to convert http to https Godaddy?
- Delayed object-deferred.state()
- Delayed object-deferred.progress(progressCallbacks)
Related Article