To prevent Cross-Site Request Forgery (CSRF) attacks, OWASP recommends always protecting POST/PUT requests with an anti-forgery token.
Although trivial when using an HTML <form> element for submitting information, things get a bit trickier when attempting to submit the same information in an asynchronous HTTP (Ajax) request.
Here is the view-model we’ll be using for this example.
using System.ComponentModel.DataAnnotations;

public class PersonViewModel
{
    public int Id { get; set; }

    [Required]
    public string Firstname { get; set; }

    [Required]
    public string Lastname { get; set; }
}
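A client-side sketch of the Ajax submission described above, added here as an example and not taken from the original article: it reads the token that `@Html.AntiForgeryToken()` renders into the page and sends it in the `RequestVerificationToken` header, the ASP.NET Core default. The `/Person/Save` URL, an action decorated with `[ValidateAntiForgeryToken]` that binds the JSON body, and the function names are assumptions.

```javascript
// Added example. Assumed: the view rendered @Html.AntiForgeryToken() and the
// hypothetical action /Person/Save carries [ValidateAntiForgeryToken].
const TOKEN_FIELD = '__RequestVerificationToken'; // ASP.NET Core default form field
const TOKEN_HEADER = 'RequestVerificationToken';  // ASP.NET Core default header

// Read the token from the hidden input; fail closed if the view rendered none.
function readAntiForgeryToken(doc) {
  const input = doc.querySelector(`input[name="${TOKEN_FIELD}"]`);
  if (!input || !input.value) {
    throw new Error('Anti-forgery token not found in page');
  }
  return input.value;
}

// Build the fetch() arguments for posting a PersonViewModel as JSON.
function buildPersonRequest(doc, person, url = '/Person/Save') {
  // Accept only same-origin relative paths so the token never leaves the site.
  if (!/^\/(?![\/\\])/.test(url)) {
    throw new Error('Refusing to send anti-forgery token to ' + url);
  }
  return {
    url,
    options: {
      method: 'POST',
      credentials: 'same-origin', // sends the cookie that pairs with the token
      headers: {
        'Content-Type': 'application/json',
        [TOKEN_HEADER]: readAntiForgeryToken(doc),
      },
      body: JSON.stringify({
        Id: person.id,
        Firstname: person.firstname,
        Lastname: person.lastname,
      }),
    },
  };
}

// fetchImpl is injectable so the function can be exercised outside a browser.
async function submitPerson(doc, person, fetchImpl = fetch) {
  const { url, options } = buildPersonRequest(doc, person);
  const response = await fetchImpl(url, options);
  if (!response.ok) {
    throw new Error('Save failed: HTTP ' + response.status);
  }
  return response;
}
```

In a browser, call `submitPerson(document, { id: 1, firstname: 'Ada', lastname: 'Lovelace' })`. A request that arrives without a valid token is rejected by the server's anti-forgery validation before the action runs.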