
What is the use of @Html.AntiForgeryToken()?

Why do we need to use @Html.AntiForgeryToken()? I searched but I didn't get a satisfactory answer.

Mhd asked Jun 27 '17 15:06


People also ask

What is AntiForgeryToken in web API?

Adding an AntiForgeryToken generates a cryptographically valid hash at the server end which is split and a part is added as a hidden field, whereas the rest goes into a cookie. When data is posted, the cookie and the hidden field are both sent back and if they are missing or they don't match, the POST is rejected.


4 Answers

This is a security feature to help protect your application against cross-site request forgery.

Example:

Let's assume you have a register functionality in your web app. You have an AccountController (example.com/account/register) where you expect people to submit their info. Normally, before someone posts the registration information, they need to visit the actual page (example.com/account/register) and then submit the form.

Let's say I am a bad guy and I want to flood your server with junk info; all I need to do is just keep posting directly to (example.com/account/register) without visiting your site. So in order to stop me, you implement AntiForgeryToken so you can make sure I visited the page before I submitted the registration information.

Another example is http://www.binaryintellect.net/articles/20e546b4-3ae9-416b-878e-5b12434fe7a6.aspx.

Dynamikus answered Sep 29 '22 18:09


This is to prevent cross-site request forgery in your MVC application. This is part of the OWASP Top 10 and it is vital in terms of web security. Using the @Html.AntiforgeryToken() method will generate a token for every request so that no one can forge a form post.

Jordi Corbilla answered Sep 29 '22 18:09


What is the use of @Html.AntiForgeryToken()?

Live - Scenario :

Suppose, you are logged into your bank account and are going to transfer some money to your friend. A hacker knows that you are logged in and also knows the URL of the money transfer submission. Suddenly, you get an email and check it. You see an image and by mistake, you click on that. Then, after a minute or so, you get another message that some amount has been deducted from your account. Actually, that image had been sent by the hacker and behind that image a URL has been submitted on your click.

That is why we use AntiForgeryToken() in the application, to protect against hackers.

Arun Kumar Tiwari answered Sep 29 '22 16:09
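How the token is wired up for the money-transfer scenario above in an ASP.NET MVC 5 application, including what happens when the check fails. This is an added example, not code from any of the answers; `BankController`, `TransferModel` and the `Transfer` action are hypothetical names.

```csharp
// Added example: BankController, TransferModel and Transfer are hypothetical names.
using System.Net;
using System.Web.Mvc;

public class TransferModel
{
    public string ToAccount { get; set; }
    public decimal Amount { get; set; }
}

public class BankController : Controller
{
    /* Views/Bank/Transfer.cshtml (Razor). AntiForgeryToken() emits the hidden
       field __RequestVerificationToken and sets the companion cookie:

       @model TransferModel
       @using (Html.BeginForm("Transfer", "Bank", FormMethod.Post))
       {
           @Html.AntiForgeryToken()
           @Html.TextBoxFor(m => m.ToAccount)
           @Html.TextBoxFor(m => m.Amount)
           <button type="submit">Send</button>
       }
    */

    [HttpGet]
    public ActionResult Transfer()
    {
        return View(new TransferModel());
    }

    // State-changing action: POST only. The filter runs before the action body
    // and rejects the request unless the cookie token and the form-field token
    // are both present and belong together. A page on another site can make the
    // browser send the cookie, but it cannot read or supply the field value.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult Transfer(TransferModel model)
    {
        if (!ModelState.IsValid) return View(model);
        // The transfer itself (business logic) would run here.
        return RedirectToAction("Transfer");
    }

    // A failed check throws HttpAntiForgeryException; answer 400, not a generic 500.
    protected override void OnException(ExceptionContext filterContext)
    {
        if (filterContext.Exception is HttpAntiForgeryException)
        {
            filterContext.Result = new HttpStatusCodeResult(HttpStatusCode.BadRequest, "Anti-forgery validation failed");
            filterContext.ExceptionHandled = true;
            return;
        }
        base.OnException(filterContext);
    }
}
```

The token only protects actions that carry `[ValidateAntiForgeryToken]`, so every state-changing POST action needs the attribute; logging the 400 responses gives a signal for forged or stale form submissions.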


Antiforgery() is for stopping robotic filling of any forms, which will stop adding data without getting into the form.

raz answered Sep 29 '22 17:09