AntiForgeryToken in ASP.NET MVC
To prevent Cross-Site Request Forgery (CSRF) in ASP.NET MVC applications, we use the AntiForgeryToken() helper. Before that, we'll look at how CSRF works.

Imagine you have an ASP.NET MVC controller class as follows:

    public class UserProfileController : Controller
    {
        public ViewResult Edit()
        {
            return View();
        }

        public ViewResult SubmitUpdate()
        {
            // Get the user's existing profile data (implementation omitted)
            ProfileData profile = GetLoggedInUserProfile();

            // Update the user object
            profile.EmailAddress = Request.Form["email"];
            profile.FavoriteHobby = Request.Form["hobby"];
            SaveUserProfile(profile);
            ...
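
The same controller with the anti-forgery check applied, as an added example that is not code from the original page. It assumes ASP.NET MVC 5 (System.Web.Mvc); the ProfileData class, the two helper bodies, the final `return View()` and the 403 response are assumptions filling in what the page omits.

```csharp
using System.Web.Mvc;

// Assumed shape of the profile object; the page does not show it.
public class ProfileData
{
    public string EmailAddress { get; set; }
    public string FavoriteHobby { get; set; }
}

public class UserProfileController : Controller
{
    // GET: renders the form. The Edit view has to emit the token inside the form:
    //   @using (Html.BeginForm("SubmitUpdate", "UserProfile")) {
    //       @Html.AntiForgeryToken()
    //       ... email and hobby inputs ...
    //   }
    // The helper writes a hidden form field and sets a matching cookie.
    public ViewResult Edit()
    {
        return View();
    }

    // State-changing action: accepts POST only, and the filter rejects the
    // request unless the hidden field token pairs with the anti-forgery cookie.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public ViewResult SubmitUpdate()
    {
        ProfileData profile = GetLoggedInUserProfile();
        profile.EmailAddress = Request.Form["email"];
        profile.FavoriteHobby = Request.Form["hobby"];
        SaveUserProfile(profile);
        return View(); // assumed; the page's listing is cut off here
    }

    // A missing or mismatched token surfaces as HttpAntiForgeryException.
    // Answer with 403 instead of the default error page (assumed policy).
    protected override void OnException(ExceptionContext filterContext)
    {
        if (filterContext.Exception is HttpAntiForgeryException)
        {
            filterContext.Result = new HttpStatusCodeResult(403, "Anti-forgery validation failed");
            filterContext.ExceptionHandled = true;
        }
    }

    // Placeholders for the persistence code the page leaves out.
    private ProfileData GetLoggedInUserProfile() { return new ProfileData(); }
    private void SaveUserProfile(ProfileData profile) { }
}
```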