Validation Tokens - POST Action Method v View

Dean Everhart 1,496 Reputation points
2023-01-18T18:32:27.2+00:00

I understand the [ValidateAntiForgeryToken] in the post methods. 

        [ValidateAntiForgeryToken]

I do not understand to what it corresponds in the edit view...

Is it...

@section Scripts {
    @{await Html.RenderPartialAsync("_ValidationScriptsPartial");}
}

...at the bottom of the view?

Re:

The ValidateAntiForgeryToken attribute is used to prevent forgery of a request and is paired up with an anti-forgery token generated in the edit view file (Views/Movies/Edit.cshtml). The edit view file generates the anti-forgery token with the Form Tag Helper.

Tutorial: [https://learn.microsoft.com/en-us/aspnet/core/tutorials/first-mvc-app/controller-methods-views?view=aspnetcore-6.0#additional-resources

Action Method: Edit - Post

View: Edit
ASP.NET Core
ASP.NET Core
A set of technologies in the .NET Framework for building web applications and XML web services.
4,133 questions
ASP.NET
ASP.NET
A set of technologies in the .NET Framework for building web applications and XML web services.
3,240 questions
0 comments
Accepted answer
  1. AgaveJoe 26,181 Reputation points
    2023-01-18T18:49:30.54+00:00

    The _ValidationScriptsPartial partial is for adding client side validation to the HTML form. It has nothing to do with the ValidateAntiForgeryToken. Just open the partial and review the code. It should be pretty clear.

    The asp core form tag helper automatically adds the antiforgery token field to the HTML form.

    Prevent Cross-Site Request Forgery (XSRF/CSRF) attacks in ASP.NET Core

    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest