Hello,
I didn’t find a dedicated category and selected the most close one, for my opinion.
The AntiForgery() class provides two validate methods: (1) parameterless and (2) accepting cookieToken and formToken.
Does (2) requires both token to perform validation? I intend to use either of them and have no way to preserve both.
Thank you,
Leo
You can use the parameterless one, here’s an example:
In your Razor page embed the token in your Form:
<form action="/antiforgery/test" method="POST">
@Html.AntiForgeryToken()
<input name="Field" value="Test"/>
<input type="submit"/>
</form>
Which you can then validate in your Service:
[Route("/antiforgery/test")]
public class AntiForgeryTest
{
public string Field { get; set; }
}
public class AntiForgeryService : Service
{
public object Any(AntiForgeryTest request)
{
AntiForgery.Validate();
...
}
}Thank you.
We use a different approach in displaying UI in our SPA. It doesn’t involve dynamic creation of views. Therewhy we cannot embed a token into client page and like to use a cookie token only.
Does your answer mean that there is no support in antiXsrf cookie token along?
Yes it requires both formToken and cookieToken to perform the validation.