Angular 5 XSRF Token

Asked Jun 19 '18 at 21:29

Active Jun 19 '18 at 21:29

Viewed 158 times

Angular 5 httpclient by default provides support for CSRF. However, not sure how to turn this feature on.

Is it by,

Adding create cookie in Global.asax in my Asp.Net MVC server side code?
Adding "@Html.AntiForgeryToken()" in the index.cshtml page and reading it in my API controller?

Thank you.

asked Jun 19 '18 at 21:29

Shankar Naru

1

It is by 2. Add the @Html.AntiForgeryToken method to the MVC view. Add ValidateAntiForgeryToken on the MVC action or controller. See also: https://learn.microsoft.com/en-us/aspnet/mvc/overview/security/xsrfcsrf-prevention-in-aspnet-mvc-and-web-pages – Aedvald Tseh Jun 20 '18 at 10:31
This solution did not work for me. Because, in our application, 1. I added @Html.AntiForgery token to the index.cshtml and then entire application is written in Angular 5 pages. 2. From the Angular services I call web api URL on a different server. So validate method, though it gets the token, it cannot validate it. – Shankar Naru Jul 06 '18 at 16:55

0 Answers0