We need to add the [ValidateAntiForgeryToken] attribute to our action, and we also need to add @Html.AntiForgeryToken() inside our form.
We don't need the [ValidateAntiForgeryToken] attribute on GET actions. It applies to POST requests, which should come from a page that was generated by our application. The attack this guards against is called cross-site request forgery (CSRF). When we use the attribute together with the token in the form, forged requests are prevented.
Controller:
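[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public ActionResult Login(UserLogin userlogin)
{
    // Check login. The token has already been validated when execution reaches this point.
    return View(userlogin); // placeholder result so the action compiles
}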
The View:
@using (Html.BeginForm("Login", "Admin", FormMethod.Post))
{
    @Html.AntiForgeryToken()
    <input name="..." type="text" />
}
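The attribute only protects the actions it is placed on, so a POST action added later without it is left unprotected. The filter below is an added example, not code from the original article: it validates the token on every non-GET request. The class name GlobalAntiForgeryAttribute is hypothetical, and registration through GlobalFilters.Filters in Application_Start is an assumption about how the project is set up.

```csharp
using System;
using System.Web.Helpers;
using System.Web.Mvc;

// Added example: GlobalAntiForgeryAttribute is a hypothetical name, not part of ASP.NET MVC.
// It applies the same check as [ValidateAntiForgeryToken] to every state-changing request.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public sealed class GlobalAntiForgeryAttribute : FilterAttribute, IAuthorizationFilter
{
    public void OnAuthorization(AuthorizationContext filterContext)
    {
        if (filterContext == null)
        {
            throw new ArgumentNullException("filterContext");
        }

        string method = filterContext.HttpContext.Request.HttpMethod;

        // Read-only verbs carry no token, matching the rule that GET actions
        // do not need [ValidateAntiForgeryToken].
        if (IsVerb(method, "GET") || IsVerb(method, "HEAD") || IsVerb(method, "OPTIONS"))
        {
            return;
        }

        try
        {
            // Checks the anti-forgery cookie against the hidden form field
            // written by @Html.AntiForgeryToken().
            AntiForgery.Validate();
        }
        catch (HttpAntiForgeryException)
        {
            // Missing or mismatched token: stop before the action runs.
            filterContext.Result = new HttpStatusCodeResult(403, "Anti-forgery validation failed");
        }
    }

    private static bool IsVerb(string actual, string expected)
    {
        return string.Equals(actual, expected, StringComparison.OrdinalIgnoreCase);
    }
}

// Assumed registration, once at startup (for example in Application_Start):
//     GlobalFilters.Filters.Add(new GlobalAntiForgeryAttribute());
```

With this filter registered, every form that posts to the application must contain @Html.AntiForgeryToken(), otherwise the request is answered with 403.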