Today I tested my ASP.NET MVC web application and found out that anyone can easily submit a form to our website without coming to my website.
Ex: example.com/home/test
[HttpPost]
public ActionResult Test(string name)
{
    return View("home");
}

<form id="myForm" method="post" action="example.com/home/test">
    <input type="text" name="name" />
    <input type="submit" />
</form>
If another website makes this form, then when a user fills in the form my website will be affected.
Can I check whether the request was made by a user through my website or another one?
It sounds like you may be looking for some Cross-Site Request Forgery (CSRF) help. ASP.NET MVC has a pretty simple tool to help with that:
If you include:
<%= Html.AntiForgeryToken() %>
inside the form that is being submitted then you can mark your action method with the [ValidateAntiForgeryToken] attribute and have a pretty good handle on stopping CSRF attacks. Don’t take my word for it, check out Steve Sanderson’s [old] blog post about it and it should have all the background and information you’ll need.
http://blog.stevensanderson.com/2008/09/01/prevent-cross-site-request-forgery-csrf-using-aspnet-mvcs-antiforgerytoken-helper/
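The question's `Test` action with the answer's fix applied, as an added example that is not code from either post. The GET action, the view markup shown in the comment, and the `OnException` override that turns a failed token check into a 403 are assumptions made for illustration.

```csharp
using System.Web.Mvc;

public class HomeController : Controller
{
    // Assumed GET action that renders the form. Its view must emit the token
    // inside the <form> element, for example in a Web Forms view:
    //
    //   <form id="myForm" method="post" action="/home/test">
    //       <%= Html.AntiForgeryToken() %>
    //       <input type="text" name="name" />
    //       <input type="submit" />
    //   </form>
    //
    // The helper writes a hidden __RequestVerificationToken field and sets a
    // matching cookie on the response.
    [HttpGet]
    public ActionResult Test()
    {
        return View();
    }

    // The filter runs before the action body. A form hosted on another site
    // cannot read the cookie or the hidden field, so its POST arrives without
    // a valid field value and is rejected before this method is entered.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult Test(string name)
    {
        return View("home");
    }

    // A failed check throws HttpAntiForgeryException, which would otherwise
    // surface as a generic server error. Answer with 403 so rejected
    // cross-site posts are easy to tell apart in the logs.
    protected override void OnException(ExceptionContext filterContext)
    {
        if (filterContext.Exception is HttpAntiForgeryException)
        {
            filterContext.HttpContext.Response.StatusCode = 403;
            filterContext.Result = new ContentResult { Content = "Request rejected." };
            filterContext.ExceptionHandled = true;
            return;
        }
        base.OnException(filterContext);
    }
}
```

Every POST action that changes state needs the attribute, and every form that posts to such an action needs the helper call; a form without the token fails the check even when it is served from your own site.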