April 2018
CSRF is an attack that executes unsolicited operations on a web application on behalf of the authenticated user. Because the attacker cannot see the response to the forged request, the attack mostly targets the HTTP POST, PUT, and DELETE methods, which are used to insert, update, or delete data on the server.
ASP.NET Core provides built-in anti-forgery tokens to prevent CSRF attacks. You can enable validation yourself by adding the ValidateAntiForgeryTokenAttribute filter when adding MVC in the ConfigureServices method of the Startup class. Here is the code to add anti-forgery token validation globally to your ASP.NET Core application:
public void ConfigureServices(IServiceCollection services)
{
    services.AddMvc(options ...
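The following is an added example, not the book's own listing: a Startup class that registers the filter named above globally, together with a controller showing how individual actions behave once it is in place. The AccountController, its Edit actions, and the X-CSRF-TOKEN header name are assumptions made for illustration.

```csharp
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        // Lets JavaScript clients send the token in a request header
        // instead of a form field (header name is an assumption).
        services.AddAntiforgery(o => o.HeaderName = "X-CSRF-TOKEN");

        services.AddMvc(options =>
        {
            // Global filter: every MVC action now requires a valid token.
            // This attribute validates all HTTP methods, GET included, so
            // read-only actions must opt out explicitly (see below).
            options.Filters.Add(new ValidateAntiForgeryTokenAttribute());
            // AutoValidateAntiforgeryTokenAttribute is the variant that
            // skips GET, HEAD, OPTIONS and TRACE on its own.
        });
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseMvcWithDefaultRoute();
    }
}

// Hypothetical controller used to show the effect of the global filter.
public class AccountController : Controller
{
    // Safe method that changes no state, so it opts out of validation.
    // A <form method="post"> rendered by this view with tag helpers
    // carries the hidden __RequestVerificationToken field automatically.
    [HttpGet]
    [IgnoreAntiforgeryToken]
    public IActionResult Edit() => View();

    // No attribute needed: the global filter rejects this request with
    // 400 Bad Request when the token is missing or invalid.
    [HttpPost]
    public IActionResult Edit(string email)
    {
        TempData["Email"] = email; // stand-in for the real state change
        return RedirectToAction(nameof(Edit));
    }
}
```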