Exists, in asp.net-core, a command similar to AntiForgery.Validate();
to validate antiforgery token in the action body?
Code example in dotnet 4.5.1:
public ActionResult Index()
{
if (!User.Identity.IsAuthenticated)
{
System.Web.Helpers.AntiForgery.Validate();
}
// rest of action
}
Based on Daniel`s answer, I change the code to
Another option, based on docs draft, is inject
Antiforgery
as an service.Project.json
Startup.cs
Then validate on controller.
The antiforgery token is automagically generated and added by
FormTagHelper
. You can disable/enable this automatic feature by adding theasp-antiforgery="true"
attribute:Antiforgery token validation can be done automatically using filter attributes in your controllers.
[AutoValidateAntiforgeryToken]
to validate the token on all "unsafe" methods. (Methods other than GET, HEAD, TRACE, OPTIONS).[ValidateAntiforgeryToken]
to always validate the token[IgnoreAntiforgeryToken]
to ignore token validationYou can combine these attributes to achieve the granularity you need. For example:
I have noticed the documentation isnt fully ready in the docs site, but you can see a draft of it in the github issue.