Preventing Cross-Site Request Forgery (XSRF/CSRF) Attacks in ASP.NET Core View Article Information Posted Date: 27. October 2017 Author: Anil Sharma Categories: ASP.NET MVC, ASP.NET, ASP.NET vNext, ASP.NET Core Keywords: CSRF attacks, Preventing Cross-Site Request, (XSRF/CSRF) Attacks in ASP.NET Core, Request Forgery (XSRF/CSRF) Attacks CSRF attacks are possible against web sites that use cookies for authentication, because browsers send all relevant cookies to the destination web site. However, CSRF attacks are not limited to exploiting cookies. For example, Basic and Digest authentication are also vulnerable. After a user logs in with Basic or Digest authentication, the browser automatically sends the credentials until the session ends. [Continue Reading]