AntiForgery implementation in Asp.net formats

Question

AntiForgery implementation in Asp.net formats

I am developing httphandler to handle some requests in Web Forms (NOT in MVC).
How can I implement a Cross Cross Site script (e.g. antiforgery in MVC)?
I want to know mre about the anti-friction mechanism in MVC.

+3

asp.net forms httphandler antiforgerytoken

Amir pournasserian Jul 20 '10 at 15:08

source share

1 answer

Steven · Accepted Answer · 2010-07-20T15:36:33+0000

If you can access the page, you can use the ViewStateUserKey property of the page. Here is an example of how to do this from inside the page, but you get the idea:

protected void Page_Init(object sender, EventArgs e)
{
    // Validate whether ViewState contains the MAC fingerprint
    // Without a fingerprint, it impossible to prevent CSRF.
    if (!this.Page.EnableViewStateMac)
    {
        throw new InvalidOperationException(
            "The page does NOT have the MAC enabled and the view" +
            "state is therefore vulnerable to tampering.");
    }

    this.ViewStateUserKey = this.Session.SessionID;
}

ViewStateUserKey , . .

AntiForgery implementation in Asp.net formats

More articles: