If the answer is yes then how would ASP.NET MVC find out that which token was linked to which form and how to validate it?
I’ve seen it is creating two separate tokens for each form.
Share
Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
If the answer is yes then how would ASP.NET MVC find out that which token was linked to which form and how to validate it?
I’ve seen it is creating two separate tokens for each form.
There is nothing specific that you need to do in this case. ASP.NET MVC will simply reuse the same value for all forms so it doesn’t need to know which form sent the request in order to validate it. Simply put an
Html.AntiForgeryToken()in each form and decorate each controller action you are posting to with the[ValidateAntiForgeryToken]attribute and you should be OK.