 

How to get AntiForgeryToken value without hidden input

@Html.AntiForgeryToken() renders hidden input

<input name="__RequestVerificationToken" type="hidden" value="GuiNIwhIJZjINHhuS_8FenaFDXIiaE" /> 

How can I get token value only? Without ugly code like this:

    public static IHtmlString AntiForgeryTokenValue(this HtmlHelper htmlHelper)
    {
        // Render the hidden input, then scrape the value="..." attribute out of the markup
        var field = htmlHelper.AntiForgeryToken().ToHtmlString();
        var beginIndex = field.IndexOf("value=\"") + 7;
        var endIndex = field.IndexOf("\"", beginIndex);
        return new HtmlString(field.Substring(beginIndex, endIndex - beginIndex));
    }
Alexey Ryazhskikh asked Feb 17 '13 20:02




1 Answer

The anti-CSRF capabilities of MVC actually depend on two tokens: one is a hidden form element, and the other is a cookie. So the Html.AntiForgeryToken() helper doesn't just return an HTML snippet. It also has a side effect of setting this cookie. Note that the cookie value and the form value are not equal since they each encode different pieces of information.

If you use the AntiForgery.GetTokens API, this method will return the raw tokens instead of generating an HTML snippet. The parameters to this method are:

  • oldCookieToken: If the request already contains an anti-CSRF cookie token, provide it here. This parameter may be null.
  • newCookieToken (out parameter): If oldCookieToken was null or did not represent a valid anti-CSRF cookie token, this parameter will be populated with the value that you should put in the response cookie. If oldCookieToken represented a valid anti-CSRF token, then newCookieToken will contain null when the method returns, and you don't have to set a response cookie.
  • formToken (out parameter): This parameter will be populated with the token that should be present in the form body when posting back to the server. This is the value that ends up being wrapped by the hidden input element in a call to Html.AntiForgeryToken().

If you use this API to generate cookie and form tokens manually, you'll need to call the corresponding overload of AntiForgery.Validate in order to validate the tokens.

Levi answered Oct 03 '22 23:10

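The approach Levi describes, written out in C# as an added example (not code from the original post, and not the framework's own helper). It uses the real System.Web.Helpers APIs named in the answer: AntiForgery.GetTokens to obtain the raw cookie and form tokens, AntiForgeryConfig.CookieName for the cookie, and the two-argument AntiForgery.Validate overload for the check. The extension method name AntiForgeryTokenValue, the AccountController, and the X-CSRF-Token request header are assumptions made for the example.

```csharp
using System.Web;
using System.Web.Helpers;
using System.Web.Mvc;

public static class AntiForgeryExtensions
{
    // Returns the raw form token (the value Html.AntiForgeryToken() wraps in the hidden input)
    // without any markup. Like the built-in helper, it also sets the anti-CSRF cookie on the
    // response when the request does not already carry a valid one.
    // Method name is an assumption for this example.
    public static string AntiForgeryTokenValue(this HtmlHelper htmlHelper)
    {
        HttpContextBase ctx = htmlHelper.ViewContext.HttpContext;

        // oldCookieToken: pass the existing cookie token if present, otherwise null
        HttpCookie oldCookie = ctx.Request.Cookies[AntiForgeryConfig.CookieName];
        string oldCookieToken = oldCookie != null ? oldCookie.Value : null;

        string newCookieToken;
        string formToken;
        AntiForgery.GetTokens(oldCookieToken, out newCookieToken, out formToken);

        // newCookieToken is non-null only when the old cookie was missing or invalid;
        // that is the signal that a new cookie must be written to the response.
        if (newCookieToken != null)
        {
            ctx.Response.Cookies.Set(new HttpCookie(AntiForgeryConfig.CookieName, newCookieToken)
            {
                HttpOnly = true,                       // script must never read the cookie half
                Secure = AntiForgeryConfig.RequireSsl  // honour the app's SSL setting
            });
        }

        // The form half, to be embedded in a meta tag or JSON for AJAX callers, e.g. in Razor:
        //   <meta name="csrf-token" content="@Html.AntiForgeryTokenValue()" />
        return formToken;
    }
}

public class AccountController : Controller  // controller and header name are assumptions
{
    [HttpPost]
    public ActionResult ChangeEmail(string email)
    {
        // Tokens generated through GetTokens must be checked with the matching manual
        // Validate overload; the [ValidateAntiForgeryToken] attribute only looks for the
        // __RequestVerificationToken form field, which an AJAX caller sending a header never posts.
        HttpCookie cookie = Request.Cookies[AntiForgeryConfig.CookieName];
        string cookieToken = cookie != null ? cookie.Value : null;
        string formToken = Request.Headers["X-CSRF-Token"];

        // Throws HttpAntiForgeryException when either half is missing or they do not match,
        // so the rest of the action only runs for a request that carried both tokens.
        AntiForgery.Validate(cookieToken, formToken);

        // ... apply the change for the authenticated user ...
        return new HttpStatusCodeResult(204);
    }
}
```

Two practical points follow from the answer. First, because the cookie and form halves encode different information, the form token on its own is useless to a caller that has not also received the cookie, so there is nothing to gain from emitting the form token without letting the helper set the cookie. Second, scraping the value attribute out of the rendered input (as in the question) works only while the helper's markup stays exactly the same; GetTokens gives the same value through a supported API and makes the cookie side effect explicit.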