We have a .NET C# MVC application with some forms in it which works fine. Now we also have an ASP Classic VBScript page that needed to interact with these forms, but using a regular POST we got an error saying the __RequestVerificationToken wasn't set.
So we request the page and then store the token from the hidden input and the cookie in a variable and send it along with the POST request. And it works.
But seeing it's so simple to bypass it, what's the use of it anyway? It offers hardly any protection.
This is an anti-forgery token (to prevent CSRF attacks). It guarantees that the poster is the one who gets the form.
It prevents anybody from forging a link and having it activated by a powered user.
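The check discussed in this thread, as an added example in Python (a simplified model, not ASP.NET's actual implementation and not code from the original posts): the HMAC binding, `SERVER_KEY`, and all function names are assumptions. It shows why a client that fetches the form itself passes validation, while a cross-site request that only carries the user's cookie does not.

```python
import hashlib
import hmac
import secrets

NAME = "__RequestVerificationToken"   # field/cookie name mentioned in the question
SERVER_KEY = secrets.token_bytes(32)  # constructed server-side secret for this model


def _bind(cookie_token):
    # Model assumption: the form token is an HMAC of the cookie token.
    return hmac.new(SERVER_KEY, cookie_token.encode(), hashlib.sha256).hexdigest()


def issue_tokens():
    """GET of the form: returns a (cookie_token, form_token) pair bound together."""
    cookie_token = secrets.token_hex(16)
    return cookie_token, _bind(cookie_token)


def validate_post(cookies, form):
    """POST: accept only if the hidden field is the token bound to this cookie."""
    cookie_token = cookies.get(NAME)
    form_token = form.get(NAME)
    if not cookie_token or not form_token:
        return False
    return hmac.compare_digest(_bind(cookie_token), form_token)


def scripted_client_post():
    """The question's case: the client requests the form itself, so it can
    read both the cookie and the hidden input and send them back together."""
    cookie_token, form_token = issue_tokens()
    return validate_post({NAME: cookie_token}, {NAME: form_token, "amount": "10"})


def cross_site_forged_post(user_cookie_token):
    """A forged request from another site: the browser attaches the user's
    cookie, but the other site cannot read the user's form response
    (same-origin policy), so it has no hidden field bound to that cookie."""
    without_field = validate_post({NAME: user_cookie_token}, {"amount": "10"})
    # A hidden field taken from a different session is bound to a different cookie.
    _, other_form_token = issue_tokens()
    with_foreign_field = validate_post(
        {NAME: user_cookie_token}, {NAME: other_form_token, "amount": "10"}
    )
    return without_field, with_foreign_field
```

The scripted client succeeds because it is both the requester and the poster of the form; the token is not meant to stop that, only requests submitted on a logged-in user's behalf by a page that never saw their form.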