AntiForgery.GetHtml Method (HttpContextBase, String, String, String)

Note: This API is now obsolete.

Adds an authenticating token to a form to help protect against request forgery and lets callers specify authentication details.

Namespace:  System.Web.Helpers
Assembly:  System.Web.WebPages (in System.Web.WebPages.dll)

[ObsoleteAttribute("This method is deprecated. Use the GetHtml() method instead. To specify a custom domain for the generated cookie, use the <httpCookies> configuration element. To specify custom data to be embedded within the token, use the static AntiForgeryConfig.AdditionalDataProvider property.", 
public static HtmlString GetHtml(
	HttpContextBase httpContext,
	string salt,
	string domain,
	string path


Type: System.Web.HttpContextBase
The HTTP context data for a request.
Type: System.String
An optional string of random characters (such as Z*7g1&p4) that is used to add complexity to the encryption for extra safety. The default is null.
Type: System.String
The domain of a web application that a request is submitted from.
Type: System.String
The virtual root path of a web application that a request is submitted from.

Return Value

Type: System.Web.HtmlString
Returns the encrypted token value in a hidden HTML field.


httpContext is null.

Call this method to create an encrypted token that is added to an HTML form as a hidden field. After the page has been submitted, you can call the Validate() method to check the token value and validate that the submitted data comes from a valid user.

Use the GetHtml method overload to specify additional parameters for the validation process, such as the HTTP request context, or a custom salt value for enhanced encryption, or the application path or domain from which a request originates. If you supply these parameters, they are also checked when validation occurs. If you want to use a simplified version of the method that does not require additional parameters, call the GetHtml method overload.

Important noteImportant

If you provide a string of random characters to the salt parameter, you must pass the same value to the Validate(HttpContextBase, String) method when you validate requests.