I have some legacy applications that are currently posting basic information to an MVC3 form. I would like to separate that out to a GET and pass the values in the querystring. Easy enough. However, I would like to add an anti-forgery token to the request. First of all, does this seem like a good option? Second, are there any examples of implementing such functionality from a non-MVC3 module to an MVC3 form?
My other alternative would be to encrypt the querystring.
The Anti-Forgery Token as implemented by ASP.NET is meant as a mechanism to prevent CSRF (that is, cross-site request forgery) and only works with HTTP POST. Since you are implementing a GET-based “API”, this token won’t work (BEWARE of limits, for example on the length of a querystring).
I am not sure what exactly your goal is… Depending on your goal, the solution is encrypting or signing the querystring, or both.
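
An added example of the signing option mentioned in the answer above (not code from the original post or from ASP.NET itself): the legacy sender appends an expiry and an HMAC-SHA256 signature to the querystring, and the MVC3 receiver recomputes and compares it. It assumes both applications share a secret key out of band; the class name `SignedQuery` and the parameter names `exp` and `sig` are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Added example: all names here are hypothetical, not part of ASP.NET MVC.
public static class SignedQuery
{
    static readonly DateTime Epoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);

    // Canonical form: parameters sorted by name, each part URL-escaped,
    // so sender and receiver always sign exactly the same bytes.
    static string Canonical(IDictionary<string, string> p)
    {
        return string.Join("&", p.OrderBy(kv => kv.Key, StringComparer.Ordinal)
            .Select(kv => Uri.EscapeDataString(kv.Key) + "=" + Uri.EscapeDataString(kv.Value)));
    }

    static string Mac(byte[] key, string data)
    {
        using (var h = new HMACSHA256(key))
            return BitConverter.ToString(h.ComputeHash(Encoding.UTF8.GetBytes(data))).Replace("-", "");
    }

    // Sender: adds an expiry ("exp", Unix seconds) and appends the signature ("sig").
    public static string Sign(byte[] key, IDictionary<string, string> values, DateTime expiresUtc)
    {
        var p = new Dictionary<string, string>(values);
        p["exp"] = ((long)(expiresUtc - Epoch).TotalSeconds).ToString(CultureInfo.InvariantCulture);
        string canonical = Canonical(p);
        return canonical + "&sig=" + Mac(key, canonical);
    }

    // Receiver: pass every received parameter (URL-decoded), including exp and sig.
    public static bool Verify(byte[] key, IDictionary<string, string> received, DateTime nowUtc)
    {
        string sig, exp; long expSeconds;
        if (!received.TryGetValue("sig", out sig) || !received.TryGetValue("exp", out exp)) return false;
        if (!long.TryParse(exp, NumberStyles.None, CultureInfo.InvariantCulture, out expSeconds)) return false;
        var p = received.Where(kv => kv.Key != "sig").ToDictionary(kv => kv.Key, kv => kv.Value);
        string expected = Mac(key, Canonical(p));
        // Constant-time comparison: do not stop at the first differing character.
        int diff = expected.Length ^ sig.Length;
        for (int i = 0; i < expected.Length && i < sig.Length; i++)
            diff |= expected[i] ^ char.ToUpperInvariant(sig[i]);
        if (diff != 0) return false;                       // tampered, or signed with another key
        return (nowUtc - Epoch).TotalSeconds <= expSeconds; // reject links past their expiry
    }
}
```

Signing only detects tampering and expiry; the values remain readable in the URL, browser history and server logs, so anything confidential still calls for the encryption option.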