In this post, I will tell you about anti-forgery tokens with AngularJS and ASP.NET 5. Single-page applications that use AngularJS with ASP.NET leave our Web API methods open to request forgery by default. A couple of straightforward steps will let you add anti-forgery protection. The first step is to create a custom action filter attribute that checks the token, which you can use to decorate whole Web API classes or individual actions.
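    // Namespaces used: System, System.Linq, System.Net.Http, System.Web.Helpers, System.Web.Http.Filters
    public sealed class ValidateCustomAntiForgeryTokenAttribute : ActionFilterAttribute
    {
        public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext)
        {
            if (actionContext == null)
                throw new ArgumentNullException("actionContext");
            var headers = actionContext.Request.Headers;
            // Anti-forgery cookie issued by ASP.NET
            var cookie = headers
                .GetCookies()
                .Select(c => c[AntiForgeryConfig.CookieName])
                .FirstOrDefault();
            // Token echoed back by the client; Validate throws if it does not match the cookie
            var tokenFromHeader = headers.GetValues("X-XSRF-Token").FirstOrDefault();
            AntiForgery.Validate(cookie != null ? cookie.Value : null, tokenFromHeader);
        }
    }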
The Web API classes or methods need to be decorated with this attribute to ensure this code is run.
The next step is to make sure ASP.NET includes its standard anti-forgery token cookie and hidden field in the markup. Add the following line to the markup.
Now we need to update our AngularJS code to pass the anti-forgery token back in a header with all our Web API calls. The simplest way to do this is to set up a default in the run method of the AngularJS application module.
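An added example (not code from the original post) of this client-side step: it reads the token from the hidden field and sends it in the X-XSRF-Token header that the filter checks. It goes slightly beyond a global default by registering an $http request interceptor, so the token is attached only to same-origin requests; the module name app and the helper function names are assumptions.

```javascript
// Header name read by the server-side filter on this page.
var HEADER_NAME = 'X-XSRF-Token';
// Default name of the hidden input rendered by ASP.NET's anti-forgery helper.
var FIELD_NAME = '__RequestVerificationToken';

// Read the token from the hidden field; null when the field is absent or empty.
function readAntiForgeryToken(doc) {
  var input = doc.querySelector('input[name="' + FIELD_NAME + '"]');
  return input && input.value ? input.value : null;
}

// True when url is relative to, or explicitly on, the page's own origin.
function isSameOrigin(url, pageOrigin) {
  try {
    return new URL(url, pageOrigin).origin === pageOrigin;
  } catch (e) {
    return false; // unparsable URL: do not attach the token
  }
}

// $http request interceptor: adds the header to same-origin calls only.
function antiForgeryInterceptor(doc, pageOrigin) {
  return {
    request: function (config) {
      var token = readAntiForgeryToken(doc);
      if (token && isSameOrigin(config.url, pageOrigin)) {
        config.headers = config.headers || {};
        config.headers[HEADER_NAME] = token;
      }
      return config;
    }
  };
}

// Browser wire-up; 'app' is an assumed module name.
if (typeof angular !== 'undefined') {
  angular.module('app').config(['$httpProvider', function ($httpProvider) {
    $httpProvider.interceptors.push(function () {
      return antiForgeryInterceptor(document, window.location.origin);
    });
  }]);
}
```

A default set on $http.defaults.headers.common is sent with every $http request, including calls to other origins, which is why this version checks the request URL first.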