Validating a submit request with JavaScript
After a user logs in with Basic or Digest authentication, the browser automatically sends the credentials until the session ends. ASP.NET Core implements anti-request-forgery using the ASP. See Configuring data protection for more information. ASP.NET Core anti-request-forgery default data protection configuration
In ASP.NET Core MVC 2.0 the Form Tag Helper injects anti-forgery tokens for HTML form elements.
For example, the following markup in a Razor file will automatically generate anti-forgery tokens:
The most common approach to defending against CSRF attacks is the synchronizer token pattern (STP).
In effect, CSRF attacks are used by an attacker to make a target system perform a function via the target's browser without knowledge of the target user, at least until the unauthorized transaction has been committed.
However, CSRF attacks are not limited to exploiting cookies.
For example, Basic and Digest authentication are also vulnerable. ASP.NET Core data protection must be configured to work in a server farm.
If the targeted end user is an administrator account, a CSRF attack can compromise the entire web application.
Sites that are more likely to be attacked by CSRF are community websites (social networking, email) or sites that have high dollar value accounts associated with them (banks, stock brokerages, bill pay services). This form of exploit is also known as a requests are vulnerable from malicious attacks.