{"id":230,"date":"2021-03-30T19:14:32","date_gmt":"2021-03-30T10:14:32","guid":{"rendered":"https:\/\/mvc.auctionpro.co.kr\/?page_id=230"},"modified":"2021-03-30T19:16:28","modified_gmt":"2021-03-30T10:16:28","slug":"validateantiforgerytoken","status":"publish","type":"page","link":"https:\/\/mvc.auctionpro.co.kr\/?page_id=230","title":{"rendered":"ValidateAntiForgeryToken"},"content":{"rendered":"<h3>Remark:<\/h3>\n<p>Run this view; the URL opens as: http:\/\/localhost:51506\/Account\/Register<\/p>\n<p>Now, suppose an attacker knows the URL used to register a user in the CrossSite_RequestForgery application. The attacker creates a forgery site, Attacker_Application, and puts the same URL in the form's POST action. In the view and controller below, the anti-forgery token and the [ValidateAntiForgeryToken] attribute are commented out, so nothing in the Register action rejects that cross-site POST.<\/p>\n<pre class=\"lang:default decode:true \" >@using (Html.BeginForm(\"Register\", \"Account\", FormMethod.Post, new { @class = \"form-horizontal\", role = \"form\" }))\r\n{\r\n    @*@Html.AntiForgeryToken()*@\r\n  \/\/  &lt;h4&gt;Create a new account.&lt;\/h4&gt;\r\n  \r\n}<\/pre>\n<pre class=\"lang:default decode:true \" title=\"controller\" >[AllowAnonymous]\r\n        public ActionResult Register()\r\n        {\r\n            return View();\r\n        }\r\n\r\n        \/\/\r\n        \/\/ POST: \/Account\/Register\r\n        [HttpPost]\r\n        [AllowAnonymous]\r\n        \/\/[ValidateAntiForgeryToken]\r\n        public async Task&lt;ActionResult&gt; Register(RegisterViewModel model)\r\n        {\r\n            \r\n            return View(model);\r\n        }<\/pre>\n<pre class=\"lang:default decode:true \" >&lt;form method=\"post\" action=\"http:\/\/localhost:51506\/Account\/Register\"&gt;  \r\n    &lt;fieldset&gt;  \r\n        &lt;legend&gt;Registration Form&lt;\/legend&gt;  \r\n        &lt;ol&gt;  \r\n            &lt;li&gt; @Html.LabelFor(m =&gt; m.UserName) @Html.TextBoxFor(m =&gt; m.UserName) &lt;\/li&gt;  \r\n            &lt;li&gt; @Html.LabelFor(m =&gt; m.Password) @Html.PasswordFor(m =&gt; m.Password) &lt;\/li&gt;  
\r\n            &lt;li&gt; @Html.LabelFor(m =&gt; m.ConfirmPassword) @Html.PasswordFor(m =&gt; m.ConfirmPassword) &lt;\/li&gt;  \r\n        &lt;\/ol&gt; &lt;input type=\"submit\" value=\"Register\" \/&gt; &lt;\/fieldset&gt;  \r\n&lt;\/form&gt;<\/pre>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-230","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/mvc.auctionpro.co.kr\/index.php?rest_route=\/wp\/v2\/pages\/230","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mvc.auctionpro.co.kr\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/mvc.auctionpro.co.kr\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/mvc.auctionpro.co.kr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mvc.auctionpro.co.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=230"}],"version-history":[{"count":2,"href":"https:\/\/mvc.auctionpro.co.kr\/index.php?rest_route=\/wp\/v2\/pages\/230\/revisions"}],"predecessor-version":[{"id":233,"href":"https:\/\/mvc.auctionpro.co.kr\/index.php?rest_route=\/wp\/v2\/pages\/230\/revisions\/233"}],"wp:attachment":[{"href":"https:\/\/mvc.auctionpro.co.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=230"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}