How should you complete the relevant code?

HOTSPOT
You develop an ASP.NET MVC application. The application includes a feature that allows users to reset their
passwords. The feature is enabled by a ForgotPassword controller method and a corresponding Razor view.
You need to prevent Cross-Site Request Forgery (CSRF) attacks.
How should you complete the relevant code? To answer, select the appropriate code segment from each list in
the answer area.
Hot Area:

Answer:

Explanation:
Example:
* At the top of the action that we created to handle the posted form, the one with the [HttpPost] attribute added,
we’ll add another attribute named [ValidateAntiForgeryToken]. This makes the start of our action now look like
the following:
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult ChangeEmail(ChangeEmailModel model)
{
    string username = WebSecurity.CurrentUserName;
    // rest of function omitted
}
* We must add the unique token to the form to change the user’s email when we display it. Update the form in
the ChangeEmail.aspx view under /Account/ChangeForm:
<% using(Html.BeginForm()) { %>
<%: Html.AntiForgeryToken() %>
<%: Html.TextBoxFor(t=>t.NewEmail) %>
<input type="submit" value="Change Email" />
<% } %>
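The same two steps applied to a ForgotPassword action with a Razor view, as in the question. This is an added example, not code from the original page; the model, the AntiForgeryError view and the ForgotPasswordConfirmation action are assumed names.

```csharp
using System.ComponentModel.DataAnnotations;
using System.Web.Mvc;

// Hypothetical view model for the reset form (name and field are assumptions).
public class ForgotPasswordModel
{
    [Required, EmailAddress]
    public string Email { get; set; }
}

public class AccountController : Controller
{
    // GET: renders the form. The Razor view (Views/Account/ForgotPassword.cshtml)
    // carries the token inside the form:
    //
    //   @model ForgotPasswordModel
    //   @using (Html.BeginForm())
    //   {
    //       @Html.AntiForgeryToken()
    //       @Html.TextBoxFor(m => m.Email)
    //       <input type="submit" value="Reset password" />
    //   }
    //
    // Html.AntiForgeryToken() emits a hidden __RequestVerificationToken field
    // and sets the matching anti-forgery cookie.
    [HttpGet]
    public ActionResult ForgotPassword()
    {
        return View(new ForgotPasswordModel());
    }

    // POST: [ValidateAntiForgeryToken] runs before the action body and rejects
    // the request when the form field or the cookie is missing or they do not
    // match. The failure is an HttpAntiForgeryException; HandleError maps it to
    // a dedicated view ("AntiForgeryError" is an assumed view name).
    [HttpPost]
    [ValidateAntiForgeryToken]
    [HandleError(ExceptionType = typeof(HttpAntiForgeryException), View = "AntiForgeryError")]
    public ActionResult ForgotPassword(ForgotPasswordModel model)
    {
        if (!ModelState.IsValid)
        {
            return View(model);
        }
        // Reset-mail logic is application specific and not shown on the page.
        return RedirectToAction("ForgotPasswordConfirmation"); // assumed action name
    }
}
```

HandleError only renders its view when custom errors are enabled in web.config; otherwise the exception surfaces on the default error page.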


