IAntiforgery Interface
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Provides access to the antiforgery system, which provides protection against Cross-site Request Forgery (XSRF, also called CSRF) attacks.
public interface class IAntiforgerypublic interface IAntiforgerytype IAntiforgery = interfacePublic Interface IAntiforgeryMethods
| GetAndStoreTokens(HttpContext) |
Generates an AntiforgeryTokenSet for this request and stores the cookie token in the response. This operation also sets the "Cache-control" and "Pragma" headers to "no-cache" and the "X-Frame-Options" header to "SAMEORIGIN". |
| GetTokens(HttpContext) |
Generates an AntiforgeryTokenSet for this request. |
| IsRequestValidAsync(HttpContext) |
Asynchronously returns a value indicating whether the request passes antiforgery validation. If the request uses a safe HTTP method (GET, HEAD, OPTIONS, TRACE), the antiforgery token is not validated. |
| SetCookieTokenAndHeader(HttpContext) |
Generates and stores an antiforgery cookie token if one is not available or not valid. |
| ValidateRequestAsync(HttpContext) |
Validates an antiforgery token that was supplied as part of the request. |
Extension Methods
| GetHtml(IAntiforgery, HttpContext) |
Generates an <input type="hidden"> element for an antiforgery token. |
Applies to
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for