In this post, I will tell you about anti-forgery tokens with AngularJS and ASP.NET 5. Single-page applications that use AngularJS with ASP.NET leave our Web API methods open to request forgery by default. A couple of straightforward steps will let you add anti-forgery protection. The first step is to create a custom action filter attribute that performs the check, which you can apply to entire Web API classes or to individual actions.
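
    using System;
    using System.Linq;
    using System.Net.Http;          // GetCookies() extension method
    using System.Web.Helpers;       // AntiForgery, AntiForgeryConfig
    using System.Web.Http.Filters;  // ActionFilterAttribute
    public sealed class ValidateCustomAntiForgeryTokenAttribute : ActionFilterAttribute
    {
        public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext)
        {
            if (actionContext == null) throw new ArgumentNullException("actionContext");
            var headers = actionContext.Request.Headers;
            var cookie = headers.GetCookies()   // anti-forgery cookie sent by the browser
                .Select(c => c[AntiForgeryConfig.CookieName])
                .FirstOrDefault();
            var tokenFromHeader = headers.GetValues("X-XSRF-Token").FirstOrDefault(); // throws if the header is absent
            AntiForgery.Validate(cookie != null ? cookie.Value : null, tokenFromHeader); // throws on a missing or mismatched token
        }
    }
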
The web API classes or methods will need decorating appropriately to ensure this code is run, i.e.
The next step is to make sure ASP.NET includes its standard anti-forgery token cookie and hidden field in the markup. Add the following line to the markup.
Now we need to update our AngularJS code to pass the anti-forgery token back in a header with all our Web API calls. The simplest way to do this is to set up a default in the run method of the AngularJS application module, e.g.
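A variation on the default-header approach described above, as an added example rather than the original post's snippet: a request interceptor attaches X-XSRF-Token only to same-origin calls, so the token is not sent to third-party hosts that the app also calls through $http. It assumes the hidden input carries ASP.NET's default name `__RequestVerificationToken`; the module name `app` is hypothetical.

```javascript
// Added example, not the original post's code.
// Assumed: hidden field name is the ASP.NET default; header name matches the
// server-side filter shown on this page.
const TOKEN_FIELD = '__RequestVerificationToken';
const TOKEN_HEADER = 'X-XSRF-Token';

// Read the token from the hidden input rendered into the page, or null.
function readToken(doc) {
  const input = doc.querySelector('input[name="' + TOKEN_FIELD + '"]');
  return input && input.value ? input.value : null;
}

// True when url resolves to the page's own origin (relative URLs always do).
function isSameOrigin(url, pageOrigin) {
  try {
    return new URL(url, pageOrigin).origin === pageOrigin;
  } catch (e) {
    return false; // unparseable URL: do not attach the token
  }
}

// $http request interceptor: add the header to same-origin requests only.
function makeInterceptor(getToken, pageOrigin) {
  return {
    request: function (config) {
      const token = getToken();
      if (token && isSameOrigin(config.url, pageOrigin)) {
        config.headers = config.headers || {};
        config.headers[TOKEN_HEADER] = token;
      }
      return config;
    }
  };
}

// Browser wiring; skipped when AngularJS is not loaded.
if (typeof angular !== 'undefined') {
  angular.module('app').config(['$httpProvider', function ($httpProvider) {
    $httpProvider.interceptors.push(function () {
      return makeInterceptor(function () { return readToken(document); },
                             window.location.origin);
    });
  }]);
}
```

A request that goes out without the header is rejected by the server-side filter, so a missing hidden field shows up as failed API calls instead of silently unprotected ones.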