We need to add the [ValidateAntiForgeryToken] attribute before our action, and we should also add @Html.AntiForgeryToken() inside our form.
We don't need to use the [ValidateAntiForgeryToken] attribute for GET actions. The attribute checks that a POST request comes from a page which was generated by our application. The attack it guards against is called cross-site request forgery (CSRF). When we use the attribute, it prevents these forgeries.
Controller:
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public ActionResult Login(UserLogin userlogin)
{
    // Check login here; the anti-forgery token is validated before this code runs
    return View(userlogin);
}
The View:
@using (Html.BeginForm("Login", "Admin", FormMethod.Post))
{
    @Html.AntiForgeryToken()
    <input name="..." type="text" />
}
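
A check for the rule above, as an added example that is not part of the original article: this Python script scans controller source and lists [HttpPost] actions that are missing [ValidateAntiForgeryToken]. It is a line-based heuristic that assumes attributes sit on their own lines directly above the method declaration, and the sample controller (including the ChangeEmail and Delete actions) is constructed for illustration.

```python
import re

# One attribute line, e.g. [HttpPost] or [HttpPost, ValidateAntiForgeryToken]
ATTR_LINE = re.compile(r'^\s*\[(.+)\]\s*$')
# A public method declaration; group 1 is the action name
METHOD = re.compile(r'^\s*public\s+(?:async\s+)?[\w<>\[\], .]+?\s+(\w+)\s*\(')

def attribute_names(body):
    """Names inside one [...] line; commas inside argument lists do not split."""
    names = set()
    for part in re.split(r',(?![^()]*\))', body.replace('][', ',')):
        name = part.strip().split('(')[0].strip()
        if name.endswith('Attribute'):  # [HttpPostAttribute] is the same as [HttpPost]
            name = name[:-len('Attribute')]
        names.add(name)
    return names

def find_unprotected_posts(source):
    """Return names of [HttpPost] actions that lack [ValidateAntiForgeryToken]."""
    findings, pending = [], set()
    for line in source.splitlines():
        attr = ATTR_LINE.match(line)
        if attr:
            pending |= attribute_names(attr.group(1))
            continue
        method = METHOD.match(line)
        if method and 'HttpPost' in pending and 'ValidateAntiForgeryToken' not in pending:
            findings.append(method.group(1))
        if line.strip():  # any other non-blank line ends the attribute block
            pending = set()
    return findings

# Constructed sample controller (not from the article); only ChangeEmail is unprotected
SAMPLE = '''
public class AdminController : Controller
{
    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public ActionResult Login(UserLogin userlogin) { return View(); }
    [HttpPost]
    public ActionResult ChangeEmail(string email) { return View(); }
    [HttpPost, ValidateAntiForgeryToken]
    public async Task<ActionResult> Delete(int id) { return View(); }
}
'''

if __name__ == '__main__':
    print(find_unprotected_posts(SAMPLE))
```

The script does not see anti-forgery validation applied through a globally registered filter, so treat each finding as a prompt for manual review.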