
IAppContext.CSRFToken Property

Gets the current Cross-Site Request Forgery (CSRF) token. Normally the CSRF token is automatically injected into a form when the page is rendered and is validated when the page is posted back. Use ValidateCSRFToken(String, CSRFValidationOptions) if explicit validation is required. CSRF token use can be disabled by setting NoCSRFToken on the application. A good overview of CSRF can be found in the Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet, which describes CSRF as follows:

Cross-Site Request Forgery (CSRF) is a type of attack that occurs when a malicious web site, email, blog, instant message, or program causes a user’s web browser to perform an unwanted action on a trusted site for which the user is currently authenticated. The impact of a successful CSRF attack is limited to the capabilities exposed by the vulnerable application. For example, this attack could result in a transfer of funds, changing a password, or purchasing an item in the user's context. In effect, CSRF attacks are used by an attacker to make a target system perform a function via the target's browser without knowledge of the target user, at least until the unauthorized transaction has been committed.

Namespace:  NetQuarry
Assembly:  EAP.Core (in EAP.Core.dll) Version: 2.0.0.0 (4.6.8.0)
Syntax
string CSRFToken { get; }

Property Value

Type: String
See Also