What is the use of @Html.AntiForgeryToken()?

Mhd · Jun 27, 2017 · Viewed 53k times

Why do we need to use @Html.AntiForgeryToken()? I searched but I didn't get a satisfactory answer.

Answer

Dynamikus · Jun 27, 2017

This is a security feature to help protect your application against cross-site request forgery.

Example:

Let's assume you have a register functionality in your web app. You have an AccountController (example.com/account/register) where you expect people to submit their info. Normally, before someone posts the registration information, they need to visit the actual page (example.com/account/register) and then submit the form.

Let's say I am a bad guy and I want to flood your server with junk info. All I need to do is keep posting directly to (example.com/account/register) without visiting your site. So, in order to stop me, you implement AntiForgeryToken so you can make sure I visited the page before I submitted the registration information.

Another example is http://www.binaryintellect.net/articles/20e546b4-3ae9-416b-878e-5b12434fe7a6.aspx.
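
How the token is wired into the registration form used in the answer's example, shown as an added example that is not part of the original answer. It assumes classic ASP.NET MVC (`System.Web.Mvc`); `RegisterViewModel`, its `Email` field and the redirect target are hypothetical names chosen for illustration.

```csharp
using System.Web.Mvc;

// View (Views/Account/Register.cshtml), kept as a comment so the example is one block.
// @Html.AntiForgeryToken() renders a hidden input named __RequestVerificationToken
// and sets a paired cookie on the response.
//
//   @model RegisterViewModel
//   @using (Html.BeginForm("Register", "Account", FormMethod.Post))
//   {
//       @Html.AntiForgeryToken()
//       @Html.TextBoxFor(m => m.Email)
//       <button type="submit">Register</button>
//   }

public class RegisterViewModel   // hypothetical model for this example
{
    public string Email { get; set; }
}

public class AccountController : Controller
{
    [HttpGet]
    public ActionResult Register()
    {
        return View(new RegisterViewModel());
    }

    [HttpPost]
    [ValidateAntiForgeryToken]   // POST is rejected unless the form token and the cookie token are present and match
    public ActionResult Register(RegisterViewModel model)
    {
        if (!ModelState.IsValid)
            return View(model);
        // Account creation is omitted here; it is not part of the token check.
        return RedirectToAction("Index", "Home");   // hypothetical redirect target
    }

    // A failed check raises HttpAntiForgeryException; answer with 400 instead of a generic error page.
    protected override void OnException(ExceptionContext filterContext)
    {
        if (filterContext.Exception is HttpAntiForgeryException)
        {
            filterContext.Result = new HttpStatusCodeResult(400, "Invalid anti-forgery token");
            filterContext.ExceptionHandled = true;
            return;
        }
        base.OnException(filterContext);
    }
}
```

The helper in the view and the attribute on the POST action only work as a pair: the helper alone issues a token that nothing checks, and the attribute alone rejects every submission of the form.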