Validation Tokens - POST Action Method v View

Dean Everhart 926 Reputation points
2023-01-18T18:32:27.2+00:00

I understand the [ValidateAntiForgeryToken] in the post methods. 

        [ValidateAntiForgeryToken]

I do not understand to what it corresponds in the edit view...

Is it...

@section Scripts {
    @{await Html.RenderPartialAsync("_ValidationScriptsPartial");}
}

...at the bottom of the view?

Re:

The ValidateAntiForgeryToken attribute is used to prevent forgery of a request and is paired up with an anti-forgery token generated in the edit view file (Views/Movies/Edit.cshtml). The edit view file generates the anti-forgery token with the Form Tag Helper.

Tutorial: [https://learn.microsoft.com/en-us/aspnet/core/tutorials/first-mvc-app/controller-methods-views?view=aspnetcore-6.0#additional-resources

Action Method: Edit - Post

View: Edit
ASP.NET Core
ASP.NET Core
A set of technologies in the .NET Framework for building web applications and XML web services.
2,856 questions
ASP.NET MVC
ASP.NET MVC
A Microsoft web application framework that implements the model-view-controller (MVC) design pattern.
744 questions
Accepted answer
  1. AgaveJoe 20,306 Reputation points
    2023-01-18T18:49:30.54+00:00

    The _ValidationScriptsPartial partial is for adding client side validation to the HTML form. It has nothing to do with the ValidateAntiForgeryToken. Just open the partial and review the code. It should be pretty clear.

    The asp core form tag helper automatically adds the antiforgery token field to the HTML form.

    Prevent Cross-Site Request Forgery (XSRF/CSRF) attacks in ASP.NET Core

0 additional answers

Sort by: Oldest
Most helpful Newest Oldest