100% Free
🎯 3200+ Questions. One Goal: Your Success Sign In Sign Up

What is the Anti-Forgery System in ASP.NET Core?

Mid .NET Core
Quick Answer Anti-Forgery generates a hidden __RequestVerificationToken in forms and a separate cookie. On submission, ASP.NET Core validates that both the form token and cookie token match (same origin, same user). A CSRF attack from a different origin can't read the cookie, so it can't forge a valid token pair. Applied automatically with Razor form tag helper.

Answer

The Anti-Forgery system protects against CSRF attacks by issuing two related tokens:

  • A cookie token stored in the browser.
  • A form/request token embedded in forms or headers.

On POST (or unsafe verbs), the server validates that both tokens are present and match. If not, the request is rejected. This ensures that only requests initiated from the legitimate site using the correct user context are accepted.

S
SugharaIQ Editorial Team Verified Answer

This answer has been peer-reviewed by industry experts holding senior engineering roles to ensure technical accuracy and relevance for modern interview standards.

Bookmark Add to Set Notes

Want to bookmark, take notes, or join discussions?

Sign in to access all features and personalize your learning experience.

Sign In Create Account

Source: SugharaIQ

Practice Sets for .NET Core

Related Questions in .NET Core

(10 questions)
What is inheritance?
What is ASP.NET Core and why was it created?
Explain the ASP.NET Core hosting model (Host Builder + Kestrel + Startup flow).
What is Kestrel and why does ASP.NET Core use it?
Explain Middleware and the purpose of the ASP.NET Core Request Pipeline.
Why does the order of middleware matter so much?
What is Dependency Injection in ASP.NET Core and why is it built-in?
Explain the three DI lifetimes (Transient, Scoped, Singleton).
What is Configuration in ASP.NET Core and how does it work?
What is the purpose of IOptions, IOptionsSnapshot, and IOptionsMonitor?
View All .NET Core Questions
Ready to level up? Start Practice