Solved

What is the RequestVerificationToken that I see in my request Cookie on my webpage in ASP .Net MVC?

Posted on 2014-02-28
1
4,603 Views
Last Modified: 2014-03-09
Hi:

I'm relatively new to figuring out the messaging and hand shaking that takes place between by client (web page) and the back end in an ASP .Net MVC based application.
These might seem like simple or off base questions.

I have 3 questions:

1) I'm examining some of the network requests between my page and back end and I'm looking at the connect$transport. Is this something that's initiated from my page or received by it?

2) Examining that request in detail, I see a number of request Cookies:
    - ASP.Net_SessionId
    - xxxAuth   (which is generated by our application)
    - __RequestVerificationToken_LOVDSQ2

  Do I have access to any of these from client side scripting (javascript/jquery)?
  If so how do I do that?

3) Exactly what is the __RequestVerification_Token?
    In looking at my webpage, I notice that there's a hidden input value where this value
    has been stuffed in.

Thanks,
JohnB
0
Comment
Question by:jxbma
1 Comment
 
LVL 27

Accepted Solution

by:
Sammy earned 500 total points
ID: 39899734
__RequestVerification_Token is  is an anti forgery token (prevent CSRF attack). It guarantees that the poster is the one who gets the form.

if its a cookie, you can ready it on the client. juqery have a cookie plugin you can use
here is a demo here
http://www.programming-free.com/2013/01/setting-and-getting-cookies-using.html#.UeU-z9Iwcms

I have never heard of connect$transport, it looks like this being created by whatever tool you are using to monitor traffic.
0

Featured Post

Active Directory Webinar

We all know we need to protect and secure our privileges, but where to start? Join Experts Exchange and ManageEngine on Tuesday, April 11, 2017 10:00 AM PDT to learn how to track and secure privileged users in Active Directory.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Learn by example how to specify CSS selectors for Selenium WebDriver test automation software.
Real-time is more about the business, not the technology. In day-to-day life, to make real-time decisions like buying or investing, business needs the latest information(e.g. Gold Rate/Stock Rate). Unlike traditional days, you need not wait for a fe…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
This tutorial demonstrates how to identify and create boundary or building outlines in Google Maps. In this example, I outline the boundaries of an enclosed skatepark within a community park.  Login to your Google Account, then  Google for "Google M…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question