Frank

Reputation: 67

Implementing AntiForgery Token on ASP.NET 4.6 WebForms

As the title says, I'm trying to implement an AntiForgery Token in the ASP.NET 4.6 framework. I have a Site.Master page and I'm studying this article to adapt it to my site: How To Fix Cross-Site Request Forgery (CSRF) using Microsoft .Net ViewStateUserKey and Double Submit Cookie

Now I've converted it from C# to VB.NET and I put the code in my master page.

But the compiler tells me that

Page.PreLoad += AddressOf master_Page_PreLoad

is an event and I can't declare it directly.

Anyway, I don't understand if it's the right way to solve the problem or if there is another way to follow.

Upvotes: 0

Views: 1258

Answers (1)

Frank

Reputation: 67

Solved. With

AddHandler Page.PreLoad, AddressOf master_Page_PreLoad

instead of

Page.PreLoad += AddressOf master_Page_PreLoad

Another thing about the goal "Implementing AntiForgery Token on ASP.NET 4.6 WebForm": in the web method I had to use

HttpContext.Current.Session("CookieName") to verify the token generated on Page_Init, because in web methods you can't use ViewState.

To use Session in a web method, in the declaration of the web method you must define EnableSession as

 <WebMethod(EnableSession:=True), ScriptMethod(ResponseFormat:=ResponseFormat.Json, UseHttpGet:=False)> _
Public Function GetFunction(myjson As String) As String.....

Upvotes: 1
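
The session-based check described in the answer above, as an added example that is not the poster's code. It assumes a code-behind class named `_Default`, that the page hands the token to its client script, and that the script sends it back in a hypothetical `X-CSRF-Token` request header; only `Session("CookieName")`, `EnableSession` and `GetFunction` come from the post.

```vb
Imports System
Imports System.Security.Cryptography
Imports System.Web
Imports System.Web.Script.Services
Imports System.Web.Services

' Added example; _Default, SessionKey and HeaderName are assumed names.
Partial Public Class _Default
    Inherits System.Web.UI.Page

    Private Const SessionKey As String = "CookieName"    ' session key named in the answer
    Private Const HeaderName As String = "X-CSRF-Token"  ' hypothetical header set by the AJAX caller

    Protected Sub Page_Init(sender As Object, e As EventArgs) Handles Me.Init
        ' Issue one random 256-bit token per session.
        If Session(SessionKey) Is Nothing Then
            Dim raw(31) As Byte
            Using rng As New RNGCryptoServiceProvider()
                rng.GetBytes(raw)
            End Using
            Session(SessionKey) = Convert.ToBase64String(raw)
        End If
    End Sub

    ' Compare every character so timing does not reveal where the strings differ.
    Private Shared Function TokensMatch(expected As String, supplied As String) As Boolean
        If expected Is Nothing OrElse supplied Is Nothing Then Return False
        If expected.Length <> supplied.Length Then Return False
        Dim diff As Integer = 0
        For i As Integer = 0 To expected.Length - 1
            diff = diff Or (AscW(expected(i)) Xor AscW(supplied(i)))
        Next
        Return diff = 0
    End Function

    ' Page methods are Shared, so ViewState is unavailable; Session needs EnableSession.
    <WebMethod(EnableSession:=True), ScriptMethod(ResponseFormat:=ResponseFormat.Json, UseHttpGet:=False)>
    Public Shared Function GetFunction(myjson As String) As String
        Dim ctx As HttpContext = HttpContext.Current
        Dim expected As String = TryCast(ctx.Session(SessionKey), String)
        Dim supplied As String = ctx.Request.Headers(HeaderName)
        If Not TokensMatch(expected, supplied) Then
            ' Reject before any work is done on the payload.
            Throw New HttpException(403, "Anti-forgery token missing or invalid")
        End If
        Return "ok" ' placeholder for the real processing of myjson
    End Function
End Class
```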
