Is there any way to centralize enforcement that every action method must have a

Question

0

Asked: May 13, 20262026-05-13T07:55:30+00:00 2026-05-13T07:55:30+00:00

Is there any way to centralize enforcement that every action method must have a

0

Is there any way to centralize enforcement that every action method must have a “ValidateAntiForgeryToken” attribute? I’m thinking it would have to be done by extending one the “routing” classes.

Edit: Or maybe do some reflection at application startup?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-13T07:55:31+00:00

Yes. You can do this by creating your own BaseController that inherits the Mvc Controller, and overloads the OnAuthorization(). You want to make sure it is a POST event before enforcing it:

public abstract class MyBaseController : Controller
{
  protected override void OnAuthorization(AuthorizationContext filterContext)
  {
    //enforce anti-forgery stuff for HttpVerbs.Post
    if (String.Compare(filterContext.HttpContext.Request.HttpMethod,
          System.Net.WebRequestMethods.Http.Post, true) == 0)
    {
      var forgery = new ValidateAntiForgeryTokenAttribute();
      forgery.OnAuthorization(filterContext);
    }
    base.OnAuthorization(filterContext);
  }
}

Once you have that, make sure all of your controllers inherit from this MyBaseController (or whatever you call it). Or you can do it on each Controller if you like with the same code.

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

Is there any way to centralize enforcement that every action method must have a

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply