Having recently been implementing many new form pages in ASP.NET MVC, I’ve found myself over and over again adding the following two things to every form.
- After Html.BeginForm() I put @Html.AntiForgeryToken()
- Add the attribute [ValidateAntiForgeryToken] to every POST action method
Before I was doing so much ASP.NET MVC, I would often see the presenter in Channel 9 videos add the AntiForgeryToken() after the BeginForm() method on the cshtml Razor page and say something like “you should always add this”. I never saw them say “and don’t forget to add the attribute ValidateAntiForgeryToken to the controller POST method”.
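The token emitted by @Html.AntiForgeryToken() is only checked when the POST action carries [ValidateAntiForgeryToken], so a forgotten attribute leaves the form unprotected without any visible error. The following is an added example, not code from the original post: a reflection check that lists every [HttpPost] action missing the attribute. It assumes ASP.NET MVC 5 (System.Web.Mvc); SampleAccountController, AntiForgeryAudit and FindUnprotectedPostActions are hypothetical names constructed for the illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using System.Web.Mvc; // assumption: ASP.NET MVC 5 is referenced

// Constructed sample controller: Edit is protected, Delete forgot the attribute.
public class SampleAccountController : Controller
{
    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult Edit(string displayName) { return new EmptyResult(); }

    [HttpPost]
    public ActionResult Delete(int id) { return new EmptyResult(); }
}

public static class AntiForgeryAudit
{
    // Returns "Controller.Action" for every [HttpPost] action that is not
    // covered by [ValidateAntiForgeryToken] on the method or on its controller class.
    public static IList<string> FindUnprotectedPostActions(Assembly assembly)
    {
        return assembly.GetTypes()
            .Where(t => typeof(Controller).IsAssignableFrom(t) && !t.IsAbstract)
            // The attribute may be applied once at class level to cover all actions.
            .Where(t => !t.IsDefined(typeof(ValidateAntiForgeryTokenAttribute), true))
            .SelectMany(t => t.GetMethods(
                BindingFlags.Public | BindingFlags.Instance | BindingFlags.DeclaredOnly))
            .Where(m => m.IsDefined(typeof(HttpPostAttribute), true))
            .Where(m => !m.IsDefined(typeof(ValidateAntiForgeryTokenAttribute), true))
            .Select(m => m.DeclaringType.Name + "." + m.Name)
            .ToList();
    }
}

public static class Program
{
    public static int Main()
    {
        var missing = AntiForgeryAudit.FindUnprotectedPostActions(
            typeof(SampleAccountController).Assembly);
        foreach (var action in missing)
            Console.WriteLine("Missing [ValidateAntiForgeryToken]: " + action);
        return missing.Count == 0 ? 0 : 1; // non-zero exit can fail a build step
    }
}
```

The check only looks at actions declared directly on each controller and marked with [HttpPost]; actions inherited from a base controller or marked with [AcceptVerbs(HttpVerbs.Post)] would need additional handling.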