Add the [ValidateAntiForgeryToken] attribute to the action, and call @Html.AntiForgeryToken() inside the form that posts to it.
GET actions do not need the [ValidateAntiForgeryToken] attribute. The attribute makes sure that a POST request comes from a page that was generated by our application. The attack it guards against is called cross-site request forgery (CSRF); using the attribute together with the token prevents such forgeries.
Controller:
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public ActionResult Login(UserLogin userlogin)
{
    // Check login
    return View(userlogin);
}
The View:
@using (Html.BeginForm("Login", "Admin", FormMethod.Post))
{
    @Html.AntiForgeryToken()
    <input name="..." type="text" />
}
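Added example, not part of the original article: a global filter that runs the same token check on every non-GET request, so an action that is missing [ValidateAntiForgeryToken] is still covered. The class names and the X-Request-Verification-Token header are assumptions made for this example; the AntiForgery and AntiForgeryConfig calls come from System.Web.Helpers.

```csharp
using System;
using System.Web.Helpers;
using System.Web.Mvc;

// Added example: validates the anti-forgery token on every state-changing
// request instead of relying on a per-action attribute.
public class GlobalAntiForgeryFilter : IAuthorizationFilter
{
    // Hypothetical header name chosen for this example. AJAX callers copy the
    // hidden field value rendered by @Html.AntiForgeryToken() into it.
    private const string HeaderName = "X-Request-Verification-Token";
    private static readonly string[] SafeMethods = { "GET", "HEAD", "OPTIONS" };

    public void OnAuthorization(AuthorizationContext filterContext)
    {
        var request = filterContext.HttpContext.Request;
        string method = (request.HttpMethod ?? string.Empty).ToUpperInvariant();

        // Safe methods must not change state, so they are not checked.
        if (Array.IndexOf(SafeMethods, method) >= 0) return;

        string headerToken = request.Headers[HeaderName];
        if (!string.IsNullOrEmpty(headerToken))
        {
            // AJAX post: pair the header token with the anti-forgery cookie.
            var cookie = request.Cookies[AntiForgeryConfig.CookieName];
            AntiForgery.Validate(cookie != null ? cookie.Value : null, headerToken);
        }
        else
        {
            // Normal form post: reads the cookie and the hidden form field.
            AntiForgery.Validate();
        }
        // Both calls throw HttpAntiForgeryException when a token is missing
        // or the pair does not match, so the action never runs.
    }
}

// Hypothetical helper; call it from Application_Start as
// AntiForgeryRegistration.Register(GlobalFilters.Filters).
public static class AntiForgeryRegistration
{
    public static void Register(GlobalFilterCollection filters)
    {
        filters.Add(new GlobalAntiForgeryFilter());
    }
}
```

With this filter registered, every form that posts to the application must still render @Html.AntiForgeryToken(), otherwise the post is rejected.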