Introduction

To prevent Cross-Site Request Forgery (CSRF) attacks, OWASP recommends always protecting POST/PUT requests with an anti-forgery token.

Although trivial when using an HTML <form> element for submitting information, things get a bit trickier when attempting to submit the same information in an asynchronous HTTP (Ajax) request.

Here is the view-model we’ll be using for this example.

using System.ComponentModel.DataAnnotations;

public class PersonViewModel
{
    public int Id { get; set; }

    [Required]
    public string Firstname { get; set; }

    [Required]
    public string Lastname { get; set; }
}
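
The client side of such an Ajax request, as an added example that is not code from the original article: it reads the token from the hidden input that @Html.AntiForgeryToken() renders and sends it in the request header ASP.NET Core checks by default. The endpoint /Person/Save and the function names are hypothetical, and the field and header names assume the framework defaults have not been changed in AntiforgeryOptions.

```javascript
// ASP.NET Core's default anti-forgery names (assumed unchanged on the server).
const TOKEN_FIELD = "__RequestVerificationToken"; // hidden input from @Html.AntiForgeryToken()
const TOKEN_HEADER = "RequestVerificationToken";  // default AntiforgeryOptions.HeaderName

// Read the token from the hidden input rendered into the page.
function readAntiForgeryToken(doc) {
  const input = doc.querySelector(`input[name="${TOKEN_FIELD}"]`);
  if (!input || !input.value) {
    throw new Error("Anti-forgery token not found in page");
  }
  return input.value;
}

// Build fetch() arguments for posting a PersonViewModel as JSON.
// The token is attached only to same-origin URLs so it is never sent to another site.
function buildPersonRequest(doc, pageOrigin, url, person) {
  const target = new URL(url, pageOrigin);
  if (target.origin !== new URL(pageOrigin).origin) {
    throw new Error("Refusing to send anti-forgery token cross-origin");
  }
  return {
    url: target.href,
    options: {
      method: "POST",
      credentials: "same-origin", // the anti-forgery cookie must accompany the header token
      headers: {
        "Content-Type": "application/json",
        [TOKEN_HEADER]: readAntiForgeryToken(doc),
      },
      body: JSON.stringify(person),
    },
  };
}

// Browser usage; /Person/Save is a hypothetical action marked [ValidateAntiForgeryToken].
async function savePerson(person) {
  const { url, options } = buildPersonRequest(document, location.origin, "/Person/Save", person);
  const response = await fetch(url, options);
  if (!response.ok) throw new Error(`Save failed: HTTP ${response.status}`);
  return response;
}
```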
