
I'm using `@Html.AntiForgeryToken()` in the form, and in the controller, I have added the attribute `[ValidateAntiForgeryToken]`.

Before I submit the form, I open the console and edit `__RequestVerificationToken` with a new valid token (I got it from another form). When I try to submit the form with the new `__RequestVerificationToken` value, it passes.

How can I check if the form value is equal to the server value?

Shibu
  • AntiForgeryToken is mainly for preventing Cross-Site Request Forgery; it works as a pair with a cookie for validation. You can find more information [here](https://learn.microsoft.com/en-us/aspnet/web-api/overview/security/preventing-cross-site-request-forgery-csrf-attacks). I am not so sure what you mean by server value? – charmian Aug 30 '22 at 09:32
  • @charmian Hi dear, thanks for your help. I mean I need to check at the server side that the user has not changed the `__RequestVerificationToken` value to a new valid value. – Qais almomany Aug 30 '22 at 10:09
  • There is a post here which mentions an approach to manually check it: https://stackoverflow.com/questions/50535479/net-mvc-do-something-after-validateantiforgerytoken-check-fails – Paritosh Aug 30 '22 at 12:51
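
As an added example (not part of the original question or comments, and not code from the linked post): a manual version of the check for classic ASP.NET MVC 5, showing that the server validates the form field against the anti-forgery cookie and the current user rather than against a value stored per form, so a token issued for another form in the same session also validates. The attribute name `ManualAntiForgeryCheckAttribute` and the 403 response are assumptions.

```csharp
using System;
using System.Web;
using System.Web.Helpers;
using System.Web.Mvc;

// Hypothetical filter (name is an assumption); assumes ASP.NET MVC 5 on System.Web.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public sealed class ManualAntiForgeryCheckAttribute : FilterAttribute, IAuthorizationFilter
{
    public void OnAuthorization(AuthorizationContext filterContext)
    {
        if (filterContext == null) throw new ArgumentNullException(nameof(filterContext));

        HttpRequestBase request = filterContext.HttpContext.Request;

        // Cookie half of the pair, set when @Html.AntiForgeryToken() rendered a form.
        HttpCookie cookie = request.Cookies[AntiForgeryConfig.CookieName];

        // Form half: the hidden __RequestVerificationToken field the browser posts back.
        string formToken = request.Form["__RequestVerificationToken"];

        try
        {
            // Throws when either half is missing or cannot be decrypted, when the
            // two halves do not pair, or when the token was issued to another user.
            // Nothing here compares the field with a per-form server-side value:
            // any form token paired with this cookie and user is accepted.
            AntiForgery.Validate(cookie?.Value, formToken);
        }
        catch (HttpAntiForgeryException)
        {
            // Assumption: reject with 403; log or redirect here as the application requires.
            filterContext.Result = new HttpStatusCodeResult(403, "Anti-forgery validation failed");
        }
    }
}
```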
