Dot Net Stuff

Preventing Cross-Site Request Forgery (XSRF/CSRF) Attacks in ASP.NET Core

CSRF attacks are possible against web sites that use cookies for authentication, because browsers send all relevant cookies to the destination web site. However, CSRF attacks are not limited to exploiting cookies. For example, Basic and Digest authentication are also vulnerable. After a user logs in with Basic or Digest authentication, the browser automatically sends the credentials until the session ends. [Continue Reading]