IAntiforgery IAntiforgery IAntiforgery Interface


Provides access to the antiforgery system, which provides protection against Cross-site Request Forgery (XSRF, also called CSRF) attacks.

public interface IAntiforgery
type IAntiforgery = interface
Public Interface IAntiforgery


GetAndStoreTokens(HttpContext) GetAndStoreTokens(HttpContext) GetAndStoreTokens(HttpContext)

Generates an AntiforgeryTokenSet for this request and stores the cookie token in the response. This operation also sets the "Cache-control" and "Pragma" headers to "no-cache" and the "X-Frame-Options" header to "SAMEORIGIN".

GetTokens(HttpContext) GetTokens(HttpContext) GetTokens(HttpContext)

Generates an AntiforgeryTokenSet for this request.

IsRequestValidAsync(HttpContext) IsRequestValidAsync(HttpContext) IsRequestValidAsync(HttpContext)

Asynchronously returns a value indicating whether the request passes antiforgery validation. If the request uses a safe HTTP method (GET, HEAD, OPTIONS, TRACE), the antiforgery token is not validated.

SetCookieTokenAndHeader(HttpContext) SetCookieTokenAndHeader(HttpContext) SetCookieTokenAndHeader(HttpContext)

Generates and stores an antiforgery cookie token if one is not available or not valid.

ValidateRequestAsync(HttpContext) ValidateRequestAsync(HttpContext) ValidateRequestAsync(HttpContext)

Validates an antiforgery token that was supplied as part of the request.

Extension Methods

GetHtml(IAntiforgery, HttpContext) GetHtml(IAntiforgery, HttpContext) GetHtml(IAntiforgery, HttpContext)

Generates an <input type="hidden"> element for an antiforgery token.

Applies to