locked
What anti forgery token does? RRS feed

  • Question

  • User88744855 posted

    i like to know briefly What anti forgery token does ? and what kind of security it provides?

    thanks

    Tuesday, December 2, 2014 1:54 AM

Answers

All replies

  • User-821857111 posted

    It generates a value which is stored in a cookie and a hidden field. When a user posts a form that includes the anti forgery token, ASP.NET checks that the value in the hidden field is the same as the value in the cookie. This prevents cross site request forgery because cookies are restricted to the domain that issued them. 

    http://blog.stevensanderson.com/2008/09/01/prevent-cross-site-request-forgery-csrf-using-aspnet-mvcs-antiforgerytoken-helper/

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, December 2, 2014 2:19 AM
  • User88744855 posted

    thanks for reply. can u plzz tell me what is cross site request forgery ? what it does and how one can do the harmful job with cross site request forgery? looking for good discussion. thanks

    Tuesday, December 2, 2014 2:49 AM
  • User-821857111 posted

    Click the link I provided. There's a clear explanation there.

    Tuesday, December 2, 2014 2:53 AM