I am having trouble with the AntiForgeryToken with ajax. I’m using ASP.NET MVC 3. I tried the solution in jQuery Ajax calls and the Html.AntiForgeryToken(). Using that solution, the token is now being passed:
I was surfing the web and found article Preventing CSRF with the same-site cookie attribute.
I’m having problems with the AntiForgeryToken in ASP.Net MVC. If I do an iisreset on my web server and a user continues with their session they get bounced to a login page. Not terrible but then the AntiForgery token blows up and the only way to get going again is to blow away the cookie on the browser.
I have created an ASP.Net Web Forms application using Visual Studio 2013 and I am using .NET Framework 4.5. I want to make sure my site is secure from Cross-Site Request Forgery (CSRF), I have found many articles talking about how this feature is implemented on MVC apps, but very few talking about Web Forms. On this StackOverflow question one comment states that
I could use some help complying with Django’s CSRF protection mechanism via my AJAX post. I’ve followed the directions here:
How do you pass a csrftoken with the python module Requests? This is what I have but it’s not working, and I’m not sure which parameter to pass it into (data, headers, auth…)