what does BeginFormAntiForgeryPost do ?

Topics: Administration, Announcements, Core, Customizing Orchard, General, Troubleshooting, Writing modules, Writing themes
Jun 17, 2012 at 3:48 PM
Edited Jun 18, 2012 at 11:03 AM

Looking at MvcFormAntiForgeryPost.cs and HtmlHelperExtensions.cs, I see nothing different from ordinary forms.

What HTML does the BeginFormAntiForgeryPost emit? Can anybody shed light on this?

Jun 17, 2012 at 4:54 PM

If you look closely at the emitted HTML (using the View Source feature of your browser) you'll see that not only has a <form> element be generated, but a hidden field as well that will contain an anti forgery token value that prevents cross site request forgery attacks. To learn more about that, check out http://blog.stevensanderson.com/2008/09/01/prevent-cross-site-request-forgery-csrf-using-aspnet-mvcs-antiforgerytoken-helper/