HOTSPOT
You develop an ASP.NET MVC application. The application includes a feature that allows users to
reset their passwords. The feature is enabled by a ForgotPassword controller method and a
corresponding Razor view.
You need to prevent Cross‐Site Request Forgery (CSRF) attacks.
How should you complete the relevant code? To answer, select the appropriate code segment from
each list in the answer area.
Answer: See the explanation
Explanation:
Target1: [ValidateAntiForgeryToken]
Target2: @Html.AntiForgeryToken()
Example:
* At the top of the action that we created to handle the posted form, the one with the [HttpPost]
attribute added, we’ll add another attribute named [ValidateAntiForgeryToken]. This makes the start
of our action now look like the following:
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult ChangeEmail(ChangeEmailModel model)
{
string username = WebSecurity.CurrentUserName;
*rest of function omitted*
* We must add the unique token to the form that changes the user's email when we display it. Update
the form in the ChangeEmail.aspx view under /Account/ChangeForm:
<% using(Html.BeginForm()) { %>
<%: Html.AntiForgeryToken() %>
<%: Html.TextBoxFor(t=>t.NewEmail) %>
<input type="submit" value="Change Email" />
<% } %>
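To show what the two pieces above actually do together, here is an added, simplified Python model of the cookie-token / form-token pair that Html.AntiForgeryToken() emits and [ValidateAntiForgeryToken] checks. It is not ASP.NET's own AntiForgery code: the HMAC construction, the SECRET_KEY value and the request dictionaries are constructed for this example, while the field name __RequestVerificationToken is the framework's default.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for the server-side secret (ASP.NET uses the machine key).
SECRET_KEY = b"constructed-demo-secret-not-for-production"
TOKEN_NAME = "__RequestVerificationToken"


def issue_cookie_token() -> str:
    """Random per-browser token, set as a cookie the first time a form is rendered."""
    return secrets.token_hex(16)


def issue_form_token(cookie_token: str, username: str) -> str:
    """Hidden-field token: bound to the cookie token AND the logged-in user.

    An attacker's page cannot read the victim's cookie, so it cannot compute this."""
    msg = f"{cookie_token}:{username}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def validate_anti_forgery(request: dict, current_user: str) -> bool:
    """Model of [ValidateAntiForgeryToken]: both tokens present and matching for this user."""
    cookie_token = request.get("cookies", {}).get(TOKEN_NAME)
    form_token = request.get("form", {}).get(TOKEN_NAME)
    if not cookie_token or not form_token:
        return False
    expected = issue_form_token(cookie_token, current_user)
    return hmac.compare_digest(expected, form_token)  # constant-time compare


def forgot_password_post(request: dict, current_user: str) -> int:
    """Model of the [HttpPost] ForgotPassword action: 400 when validation fails, else 200."""
    if not validate_anti_forgery(request, current_user):
        return 400  # ASP.NET would throw HttpAntiForgeryException here
    return 200


def demo() -> tuple:
    """Legitimate submission vs. a cross-site POST that carries the cookie but no form field."""
    cookie = issue_cookie_token()                      # set when the GET rendered the form
    form = issue_form_token(cookie, "alice")           # rendered by Html.AntiForgeryToken()
    legit = {"cookies": {TOKEN_NAME: cookie}, "form": {TOKEN_NAME: form}}
    cross_site = {"cookies": {TOKEN_NAME: cookie}, "form": {}}  # browser sends cookie only
    return (forgot_password_post(legit, "alice"),
            forgot_password_post(cross_site, "alice"),
            forgot_password_post(legit, "bob"))        # token issued for another user


if __name__ == "__main__":
    print(demo())  # (200, 400, 400)
```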
Looks ok.