question

AdeelMirza-7596 avatar image
0 Votes"
AdeelMirza-7596 asked LanHuang-MSFT commented

Implementing request varification tokan

I have read some articles on preventing cross site requests within an webpage by using request verification token in MVC and ASP.NET Core application.
But is there a way to implement this token in a classic ASP.NET application

dotnet-aspnet-webpages
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

LanHuang-MSFT avatar image
0 Votes"
LanHuang-MSFT answered LanHuang-MSFT commented

Hi @AdeelMirza-7596,
You can implement it like in asp.net mvc.

  • Generate a token on the server and store it (e.g. in the session)

  • send token to client

  • The client sends it back to the server along with the "normal" form data

  • Check the token on the server if needed

You can refer to the following documents:
Preventing Cross-Site Request Forgery (CSRF) Attacks in ASP.NET MVC Application
https://docs.microsoft.com/en-us/aspnet/web-api/overview/security/preventing-cross-site-request-forgery-csrf-attacks
XSRF/CSRF Prevention in ASP.NET MVC and Web Pages
https://docs.microsoft.com/en-us/aspnet/mvc/overview/security/xsrfcsrf-prevention-in-aspnet-mvc-and-web-pages
Best regards,
Lan Huang


If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

· 5
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thanks for the help Lan. But my application is developed in old ASP.NET not MVC

0 Votes 0 ·

Hi @AdeelMirza-7596,
What specific asp.net project are you using? Classic ASP, ASP.NET web pages, ASP.NET Webform?
Best regards,
Lan Huang

1 Vote 1 ·

Hi @AdeelMirza-7596,
You can learn this link about XSRF/CSRF prevention in ASP.NET MVC and web pages.
https://docs.microsoft.com/en-us/aspnet/mvc/overview/security/xsrfcsrf-prevention-in-aspnet-mvc-and-web-pages
Best regards,
Lan Huang

0 Votes 0 ·