AntiForgery.Validate Method (HttpContextBase, String)
Note: This API is now obsolete.
Validates that input data from an HTML form field comes from the user who submitted the data and lets callers specify additional validation details.
Namespace: System.Web.Helpers
Assembly: System.Web.WebPages (in System.Web.WebPages.dll)
Syntax
'Declaration
<ObsoleteAttribute("This method is deprecated. Use the Validate() method instead.", _
True)> _
Public Shared Sub Validate ( _
httpContext As HttpContextBase, _
salt As String _
)
'Usage
Dim httpContext As HttpContextBase
Dim salt As String
AntiForgery.Validate(httpContext, salt)
[ObsoleteAttribute("This method is deprecated. Use the Validate() method instead.",
true)]
public static void Validate(
HttpContextBase httpContext,
string salt
)
[ObsoleteAttribute(L"This method is deprecated. Use the Validate() method instead.",
true)]
public:
static void Validate(
HttpContextBase^ httpContext,
String^ salt
)
[<ObsoleteAttribute("This method is deprecated. Use the Validate() method instead.",
true)>]
static member Validate :
httpContext:HttpContextBase *
salt:string -> unit
public static function Validate(
httpContext : HttpContextBase,
salt : String
)
Parameters
- httpContext
Type: System.Web.HttpContextBase
The HTTP context data for a request.
- salt
Type: System.String
An optional string of random characters (such as Z*7g1&p4) that is used to decrypt an authentication token created by the AntiForgery class. The default is null reference (Nothing in Visual Basic).
Exceptions
Exception | Condition |
---|---|
ArgumentException | The current HttpContext value is null reference (Nothing in Visual Basic). |
HttpAntiForgeryException | The HTTP cookie token that accompanies a valid request is missing. -or- The form token is missing. -or- The form token value does not match the cookie token value. -or- The form token value does not match the cookie token value. -or- The salt value supplied does not match the salt value that was used to create the form token. |
Remarks
Call the method to verify that a request was submitted by a legitimate user and that the request was not forged by a malicious script. To use this method, first add a call to the GetHtml() method, which adds a token to an HTML form that can be validated after the page is submitted. If validation fails, the AntiForgery class throws an exception.
Whenever you use the GetHtml(HttpContextBase, String, String, String) method and include a salt value, you must also use the Validate method to supply that same value during validation. If you supply the correct salt value, validation is successful. If you want to use a simplified version of the method that does not require a salt value, call the Validate() overload.