asp.net mvc - Trying to generate a new AntiForgeryToken, post authentication -


recently during scanning test security team, have been asked after user logs in, new requestverificationtoken should generated.

currently, antiforgerytoken in _layout.cshtml.

@using (html.beginform(null, null, formmethod.post, new { id = "aftoken" })) {     @html.antiforgerytoken() } 

on view, have:

$('loginform').check( {     submithandler: function (form)      {         var token = $("#aftoken input").val();         var dataobject =          {             __requestverificationtoken: token,             username: $('#name').val(),             password: $('#password').val         };         $.ajax(         {             type: 'post',             url: '@url.action("checkuser", "account")',             data: dataobject,         }).done(function (result) 

and on controller, have:

  [httppost]   [validateantiforgerytoken]   public jsonresult validate(loginhelper logindata) 

looks in order generate new post-authentication rft, have remove code _layout.cshtml file , instead generate rft on every form submission through out application?

also, since using ajax, there needed done in order able post requests?

if remove token _layout, start authentication error.


Comments

Popular posts from this blog

android - InAppBilling registering BroadcastReceiver in AndroidManifest -

python Tkinter Capturing keyboard events save as one single string -

sql server - Why does Linq-to-SQL add unnecessary COUNT()? -