Note
Access to this page requires authorization. You can try signing in or .
Access to this page requires authorization. You can try .
IAntiforgery Interface
Definition
- Namespace:
- Microsoft.AspNetCore.Antiforgery
- Assembly:
- Microsoft.AspNetCore.Antiforgery.dll
- Package:
- Microsoft.AspNetCore.Antiforgery v1.0.0
- Package:
- Microsoft.AspNetCore.Antiforgery v1.1.0
- Package:
- Microsoft.AspNetCore.App.Ref v10.0.0
- Package:
- Microsoft.AspNetCore.App.Ref v11.0.0-preview.4.26230.115
- Package:
- Microsoft.AspNetCore.Antiforgery v2.0.0
- Package:
- Microsoft.AspNetCore.Antiforgery v2.1.0
- Package:
- Microsoft.AspNetCore.Antiforgery v2.2.0
- Package:
- Microsoft.AspNetCore.App.Ref v3.0.1
- Package:
- Microsoft.AspNetCore.App.Ref v3.1.10
- Package:
- Microsoft.AspNetCore.App.Ref v5.0.0
- Package:
- Microsoft.AspNetCore.App.Ref v6.0.36
- Package:
- Microsoft.AspNetCore.App.Ref v7.0.5
- Package:
- Microsoft.AspNetCore.App.Ref v8.0.19
- Package:
- Microsoft.AspNetCore.App.Ref v9.0.8
- Source:
- IAntiforgery.cs
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Provides access to the antiforgery system, which provides protection against Cross-site Request Forgery (XSRF, also called CSRF) attacks.
public interface class IAntiforgerypublic interface IAntiforgerytype IAntiforgery = interfacePublic Interface IAntiforgeryMethods
| Name | Description |
|---|---|
| GetAndStoreTokens(HttpContext) |
Generates an AntiforgeryTokenSet for this request and stores the cookie token in the response. This operation also sets the "Cache-control" and "Pragma" headers to "no-cache" and the "X-Frame-Options" header to "SAMEORIGIN". |
| GetTokens(HttpContext) |
Generates an AntiforgeryTokenSet for this request. |
| IsRequestValidAsync(HttpContext) |
Asynchronously returns a value indicating whether the request passes antiforgery validation. If the request uses a safe HTTP method (GET, HEAD, OPTIONS, TRACE), the antiforgery token is not validated. |
| SetCookieTokenAndHeader(HttpContext) |
Generates and stores an antiforgery cookie token if one is not available or not valid. |
| ValidateRequestAsync(HttpContext) |
Validates an antiforgery token that was supplied as part of the request. |
Extension Methods
| Name | Description |
|---|---|
| GetHtml(IAntiforgery, HttpContext) |
Generates an <input type="hidden"> element for an antiforgery token. |
Applies to
Feedback
Was this page helpful?