I have created an ASP.NET project and I want to implement an anti-CSRF method in my project. How do I do that?
I would start by [reading the official docs](https://docs.microsoft.com/en-us/aspnet/core/security/anti-request-forgery?view=aspnetcore-2.2). – Benoit Esnard Aug 02 '19 at 07:25
1 Answer
The basic idea is to include a secure random token with every request such that it cannot be guessed beforehand by an attacker.

OWASP recommends:

> We recommend token based CSRF defense (either stateful/stateless) as a primary defense to mitigate CSRF in your applications. Only for highly sensitive operations, we also recommend a user interaction based protection (either re-authentication/one-time token, detailed in section 6.5) along with token based mitigation.

It goes into detail here

You also mention it's a .NET application. ASP.NET Core already has in-built protection, the details of which are here
yeah_well
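The built-in ASP.NET Core protection mentioned in the answer above, shown as an added example that is not part of the original post. It assumes a .NET 6 or later web project; the `/transfer` route, `TransferController` and the `X-CSRF-TOKEN` header name are hypothetical.

```csharp
// Added example, not code from the original answer.
// Hypothetical names: /transfer route, TransferController, X-CSRF-TOKEN header.
using Microsoft.AspNetCore.Antiforgery;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddAntiforgery(options =>
{
    options.HeaderName = "X-CSRF-TOKEN";                     // AJAX callers may send the token in this header
    options.Cookie.SecurePolicy = CookieSecurePolicy.Always; // cookie token is sent over HTTPS only
    options.Cookie.SameSite = SameSiteMode.Strict;
});

// Global filter: every unsafe method (POST, PUT, PATCH, DELETE) must carry a valid token.
// GET, HEAD, OPTIONS and TRACE are not validated, so they must not change state.
builder.Services.AddControllersWithViews(options =>
    options.Filters.Add(new AutoValidateAntiforgeryTokenAttribute()));

var app = builder.Build();
app.MapControllers();
app.Run();

[Route("transfer")]
public class TransferController : Controller
{
    private readonly IAntiforgery _antiforgery;
    public TransferController(IAntiforgery antiforgery) => _antiforgery = antiforgery;

    [HttpGet]
    public IActionResult Form()
    {
        // Sets the cookie token on the response and returns the matching request token.
        AntiforgeryTokenSet tokens = _antiforgery.GetAndStoreTokens(HttpContext);
        string html =
            "<form method=\"post\" action=\"/transfer\">" +
            $"<input type=\"hidden\" name=\"{tokens.FormFieldName}\" value=\"{tokens.RequestToken}\">" +
            "<input name=\"amount\" value=\"10\"><button>Send</button></form>";
        return Content(html, "text/html");
    }

    // No attribute needed here: the global filter answers 400 Bad Request
    // when the form field (or header) token is missing or does not match the cookie.
    [HttpPost]
    public IActionResult Submit([FromForm] decimal amount) => Content($"Transferred {amount}");
}
```

In Razor views the form tag helper emits the hidden token field automatically for `<form method="post">`, so the manual `GetAndStoreTokens` call is only needed when the markup is built by hand or the token is handed to script code.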