We need to add [ValidateAntiForgeryToken] attribute before our action. And also should add @Html.AntiForgeryToken() in our form.
We don't need to use [ValidateAntiForgeryToken] attribute for the GET actions. Use POST request from page which was generated by our application. This attack called cross site request forgeries. When we use It will prevent from forgeries.
Controller:
[HttpPost][AllowAnonymous][ValidateAntiForgeryToken]public ActionResult Login(UserLogin userlogin){<!--/ Check Login -->}
The View:
@using (@Html.BeginForm("Login", "Admin", FormMethod.Post)){@Html.AntiForgeryToken()<input name="..." type="text" />}
Post your comments / questions
Recent Article
- How to remove all Meta keyword tags? -Jpeg Metadata Adapter
- Your system's memory configuration has changed since it entered hibernation.
- Save image to client browser using jQuery?
- Get filename of image jQuery?
- How to get the image src using JavaScript?
- System.Net.Http.Formatting, Version=5.2.3.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' which has a higher version than referenced assembly 'System.Net.Http.Formatting' with identity 'System.Net.Http.Formatting, Version=4.0.0.0
- Cordova Android build error "Cannot read property 'length' of undefined". An error occurred while running subprocess cordova.
- ERROR in The Angular Compiler requires TypeScript >=3.9.2 and <4.0.0 but 3.8.3 was found instead
Related Article