AntiForgery.Validate Method (HttpContextBase, String)

Note: This API is now obsolete.

Validates that input data from an HTML form field comes from the user who submitted the data and lets callers specify additional validation details.

Namespace:  System.Web.Helpers
Assembly:  System.Web.WebPages (in System.Web.WebPages.dll)

[ObsoleteAttribute("This method is deprecated. Use the Validate() method instead.", 
public static void Validate(
	HttpContextBase httpContext,
	string salt


Type: System.Web.HttpContextBase
The HTTP context data for a request.
Type: System.String
An optional string of random characters (such as Z*7g1&p4) that is used to decrypt an authentication token created by the AntiForgery class. The default is null.


The current HttpContext value is null.


The HTTP cookie token that accompanies a valid request is missing.


The form token is missing.


The form token value does not match the cookie token value.


The form token value does not match the cookie token value.


The salt value supplied does not match the salt value that was used to create the form token.

Call the method to verify that a request was submitted by a legitimate user and that the request was not forged by a malicious script. To use this method, first add a call to the GetHtml() method, which adds a token to an HTML form that can be validated after the page is submitted. If validation fails, the AntiForgery class throws an exception.

Whenever you use the GetHtml(HttpContextBase, String, String, String) method and include a salt value, you must also use the Validate method to supply that same value during validation. If you supply the correct salt value, validation is successful. If you want to use a simplified version of the method that does not require a salt value, call the Validate() overload.