asp.net mvc - Trying to generate a new AntiForgeryToken, post authentication -
recently during scanning test security team, have been asked after user logs in, new requestverificationtoken should generated.
currently, antiforgerytoken in _layout.cshtml.
@using (html.beginform(null, null, formmethod.post, new { id = "aftoken" })) { @html.antiforgerytoken() }
on view, have:
$('loginform').check( { submithandler: function (form) { var token = $("#aftoken input").val(); var dataobject = { __requestverificationtoken: token, username: $('#name').val(), password: $('#password').val }; $.ajax( { type: 'post', url: '@url.action("checkuser", "account")', data: dataobject, }).done(function (result)
and on controller, have:
[httppost] [validateantiforgerytoken] public jsonresult validate(loginhelper logindata)
looks in order generate new post-authentication rft, have remove code _layout.cshtml file
, instead generate rft on every form submission through out application?
also, since using ajax, there needed done in order able post requests?
if remove token _layout, start authentication error.
Comments
Post a Comment