4. “Cross Site Request Forgery (XSRF/CSRF) is a type of security breach where a hacker can trick the user into making unwanted requests for a web application where the user is already authenticated”
10. Antiforgery System
Browser -> Server: Particular Route Request
Server: Create and store token, then send the token in the response
Server -> Browser: HTTP 200 OK, Set-Cookie: antiforgery.token=…
Browser -> Server: POST /controller/action, with hidden __RequestVerificationToken field
Server: Checks whether this token is valid
Server -> Browser: HTTP 200 OK, { data: "data" }
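The exchange on this slide, modelled as an added example (not code from the slides and not ASP.NET Core's own implementation). The HMAC binding between the cookie token and the hidden field, the server key, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)   # assumption: per-process signing key
COOKIE = "antiforgery.token"           # cookie name as shown on the slide
FIELD = "__RequestVerificationToken"   # hidden field name as shown on the slide

def sign_token(cookie_token: str) -> str:
    """Derive the form-field token that is bound to one cookie token."""
    return hmac.new(SERVER_KEY, cookie_token.encode(), hashlib.sha256).hexdigest()

def handle_get() -> dict:
    """Create the token pair and send it in the response (cookie + hidden field)."""
    cookie_token = secrets.token_urlsafe(32)
    return {"status": 200,
            "set_cookie": {COOKIE: cookie_token},
            "hidden_fields": {FIELD: sign_token(cookie_token)}}

def handle_post(cookies: dict, form: dict) -> dict:
    """POST /controller/action: accept only if the cookie and field tokens pair up."""
    cookie_token = cookies.get(COOKIE)
    field_token = form.get(FIELD)
    if not cookie_token or not field_token:
        return {"status": 400, "error": "missing antiforgery token"}
    expected = sign_token(cookie_token).encode()
    if not hmac.compare_digest(expected, field_token.encode()):
        return {"status": 400, "error": "antiforgery token mismatch"}
    return {"status": 200, "data": "data"}

def demo() -> tuple:
    """Run three constructed requests and return their status codes."""
    page = handle_get()
    jar = dict(page["set_cookie"])     # the browser stores the cookie
    # 1. Same-site form: the page's own hidden field is submitted with the cookie.
    legit = handle_post(jar, dict(page["hidden_fields"], amount="10"))
    # 2. Cross-site form: the cookie is attached automatically, but another
    #    origin cannot read the hidden field, so the field token is absent.
    forged = handle_post(jar, {"amount": "10"})
    # 3. Field token issued for a different cookie does not pair with this one.
    other = handle_post(jar, dict(handle_get()["hidden_fields"], amount="10"))
    return legit["status"], forged["status"], other["status"]

if __name__ == "__main__":
    print(demo())
```

The check rejects the second and third requests because the server requires two values that agree, and only a page served by the application itself can supply the hidden field.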