ASP.NET Core CSRF defence with Antiforgery

Cross Site Request Forgery (aka CSRF or XSRF) is one of the most common attacks in which the user is tricked into executing an unwanted action through his browser on his behalf, in one of the sites he is currently authenticated. ASP.Net Core contains an Antiforgery package that can be used to secure your application against this particular risk. For those who have used earlier versions of ASP.Net will see that things have changed a bit in the new framework.

Bharat Dwarkani shared on Mar 05, 2020

dotnetcurry.com

#.NET Core #anti-forgery-token #csrf #security

View all .NET Core related posts

Tags

authentication x42 security x34 entity-framework x27 deployment x26 docker x23 azure x22 api x15 identity-server x14 mediatr x13 performance x12 web-api x12 microservices x12 get-started x12 github x11 clean-architecture x10 grpc x10 authorization x10 architecture x10 multi-tenant x9 integration-tests x8 swagger x8 middleware x8 kubernetes x7 open-source x7 design-pattern x7 cqrs x7 unit-testing x7 angular x7 caching x7 health-check x7 linux-hosting x7 logging x6 identity x6 aws x5 background-service x5 getting-started x5 file-upload x5 ml-net x5 ci x5 jwt x5 role-based x5 dependency-injection x5 signalr x5 oauth x5 aspnetcore x4 migration x4 saas x4 library x4 paging x4 configuration x4 sample-project x4 razor x4 nugget x4 linux x4 analyzers x4 fluent-validation x4 microservice x4 video x4 framework x4 ddd x4 visual-studio x4 raspberry x4 general x3 redis x3 dapper x3 sorting x3 filtering x3 postgresql x3 react x3 debugging x3 azure-app-service x3 app-secrets x3 hosting x3 csrf x3 anti-forgery-token x3 worker-service x3 seo x3 auto-mapper x3 project-templates x3 background-jobs x3 windows-service x3 graphql x3 openapi x3 2fa x3 error-handling x3 best-practices x3 rabbitmq x3 async x3 external-authentication x3 aspnet x2 azure-key-vault x2 sql x2 csharp x2 serialization x2 json x2 repodb x2 orm x2 bundling x2 gzip x2 performance x2 serilog x2 elastic-search x2 validation x2 pwa x2 feature-management x2 feature-toggle x2 integration-test x2 email x2 blog x2 blog x2 azure-redis x2 data-protection x2 database x2 action-result x2 linq x2 routing x2 xss x2 google-cloud x2 mongo-db x2 app-settings x2 distributed-apps x2 azure-function x2 app-service x2 polly x2 template x2 twilio x2 machine-learning x2 odata x2 github-actions x2 api-gateway x2 rate-limiting x2 key-vault x2 testing x2 translation x2 user-management x2 iot x2 code-quality x2 application-insights x1 joins x1 login x1 multi-tenancy x1 feature-flag x1 wordpress x1 dynamodb x1 libraries x1 bazel x1 jest x1 snapshot-testing x1 pagination x1 compression x1 youtube x1 cdn x1 webhook x1 fluentd x1 knative x1 jsonb x1 no-sql x1 eav x1 system-design x1 cors x1 webpack x1 html-parsing x1 dotnet x1 monitoring x1 razor-library x1 heath-checks x1 reverse-proxy x1 azure-blob x1 scanning x1 razor-templates x1 azure-blob x1 parallel-processing x1 graph-ql x1 ms-sql x1 headers x1 connection-string x1 respone-caching x1 word-press x1 kibana x1 profiling x1 azure-data-studio x1 tips x1 service x1 data-shaping x1 rosyln x1 demo x1 vulnerabilites x1 sql-injection x1 open-redirect x1 hate-os x1 rest-api x1 moq x1 cd x1 jenkins x1 real-time x1 c x1 c x1 benchmarking x1 background-tasks x1 mocking x1 containers x1 site-maintenance x1 nswag x1 http-client x1 resources x1 url-shortner x1 grpc x1 app-services x1 open-id x1 aurora-database x1 rss-feed x1 files-storage x1 practical x1 sample x1 documentaion x1 udemy x1 tutorials x1 c x1 net x1 exception x1 server-sent-events x1 push-messages x1 repository-pattern x1 minification x1 tool x1 whatsapp x1 heroku x1 api-response x1 ocelot x1 enums x1 docs x1 redoc x1 nginx x1 ubuntu x1 object-mapper x1 external-exe x1 session x1 query-string x1 publishing x1 refactoring x1 webp x1 cookie x1 tracing x1 filters x1 repository x1 event-grid x1 bff x1 nservice-bus x1 wpf x1 nlog x1 policy-based x1 rss x1 refit x1 nhibernate x1 crud-operations x1 email-templates x1 guid x1 sitemap x1 qrcode x1 quartz x1 ebook x1 artificial-intelligence x1 streaming x1 stripe x1 payment x1 global-filter x1 message-pack x1 versioning x1 javascript x1 social-login x1 systemd x1 cognitive-service x1 c x1 letsencrypt x1 ssl-certificate x1 sass x1 google x1 extensions x1 device-flow x1 localization x1 globalization x1 auth x1 chat-app x1 dynamic-query x1 plugin-system x1 application-insight x1 output-formatter x1 hangfire x1 installation x1 self-contained x1 starter-template x1 boilerplate x1 project-template x1 publish x1 build x1 startup x1 e-commerce x1 api-docs x1

Tags