Export (0) Print
Expand All
This topic has not yet been rated - Rate this topic

AntiForgery.Validate Method (HttpContextBase, String)

Note: This API is now obsolete.

Validates that input data from an HTML form field comes from the user who submitted the data and lets callers specify additional validation details.

Namespace:  System.Web.Helpers
Assembly:  System.Web.WebPages (in System.Web.WebPages.dll)
[ObsoleteAttribute("This method is deprecated. Use the Validate() method instead.", 
	true)]
public static void Validate(
	HttpContextBase httpContext,
	string salt
)

Parameters

httpContext
Type: System.Web.HttpContextBase
The HTTP context data for a request.
salt
Type: System.String
An optional string of random characters (such as Z*7g1&p4) that is used to decrypt an authentication token created by the AntiForgery class. The default is null.
ExceptionCondition
ArgumentException

The current HttpContext value is null.

HttpAntiForgeryException

The HTTP cookie token that accompanies a valid request is missing.

-or-

The form token is missing.

-or-

The form token value does not match the cookie token value.

-or-

The form token value does not match the cookie token value.

-or-

The salt value supplied does not match the salt value that was used to create the form token.

Call the method to verify that a request was submitted by a legitimate user and that the request was not forged by a malicious script. To use this method, first add a call to the GetHtml() method, which adds a token to an HTML form that can be validated after the page is submitted. If validation fails, the AntiForgery class throws an exception.

Whenever you use the GetHtml(HttpContextBase, String, String, String) method and include a salt value, you must also use the Validate method to supply that same value during validation. If you supply the correct salt value, validation is successful. If you want to use a simplified version of the method that does not require a salt value, call the Validate() overload.

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft. All rights reserved.