Validation Tokens - POST Action Method v View

Dean Everhart 441 Reputation points
2023-01-18T18:32:27.2+00:00

I understand the [ValidateAntiForgeryToken] in the post methods.

        [ValidateAntiForgeryToken]

I do not understand to what it corresponds in the edit view...

Is it...

@section Scripts {
    @{await Html.RenderPartialAsync("_ValidationScriptsPartial");}
}

...at the bottom of the view?

Re:

The ValidateAntiForgeryToken attribute is used to prevent forgery of a request and is paired up with an anti-forgery token generated in the edit view file (Views/Movies/Edit.cshtml). The edit view file generates the anti-forgery token with the Form Tag Helper.

Tutorial: [https://learn.microsoft.com/en-us/aspnet/core/tutorials/first-mvc-app/controller-methods-views?view=aspnetcore-6.0#additional-resources

Action Method: Edit - Post



View: Edit



ASP.NET Core
ASP.NET Core
A set of technologies in the .NET Framework for building web applications and XML web services.
2,578 questions
ASP.NET MVC
ASP.NET MVC
A Microsoft web application framework that implements the model-view-controller (MVC) design pattern.
608 questions
No comments
{count} votes

Accepted answer
  1. AgaveJoe 17,131 Reputation points
    2023-01-18T18:49:30.54+00:00

    The _ValidationScriptsPartial partial is for adding client side validation to the HTML form. It has nothing to do with the ValidateAntiForgeryToken. Just open the partial and review the code. It should be pretty clear.

    The asp core form tag helper automatically adds the antiforgery token field to the HTML form.

    Prevent Cross-Site Request Forgery (XSRF/CSRF) attacks in ASP.NET Core

    No comments

0 additional answers

Sort by: Most helpful