Should the AntiForgeryToken be applied to every post action in an ASP.NET MVC application?

Question

0

Asked: May 13, 20262026-05-13T15:41:01+00:00 2026-05-13T15:41:01+00:00

Should the AntiForgeryToken be applied to every post action in an ASP.NET MVC application?

0

Should the AntiForgeryToken be applied to every post action in an ASP.NET MVC application? Off the top of my head I can’t think of any reason why you would not want to include this on every post action, but it seems that nobody ever actually recommends using it on all of your actions.

I’d love to hear your thoughts.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-13T15:41:02+00:00

Editorial Team

2026-05-13T15:41:02+00:00Added an answer on May 13, 2026 at 3:41 pm

I always use it on POST/DELETE/PUT actions. I want to be as sure as I can that the request is coming from a page that my server sent to the browser when I’m changing data as a result.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

Should the AntiForgeryToken be applied to every post action in an ASP.NET MVC application?

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply