ViewStateUserKey to prevent XSRF (CSRF or cross-site request forgery) in ASP.NET
30 Sep 2006
ViewStateUserKey has been around for many years and is an easy solution to prevent the infamous XSRF or cross-site request forgery class of attack.
It's documented:
http://msdn2.microsoft.com/en-us/library/system.web.ui.page.viewstateuserkey.aspx
ViewStateUserKey mitigates XSRF by including a unique identifier in the user's request.
This protection mechanism has been available for many years when Microsoft identified the one-click attack, now more commonly referred to as XSRF.
It's documented:
http://msdn2.microsoft.com/en-us/library/system.web.ui.page.viewstateuserkey.aspx
ViewStateUserKey mitigates XSRF by including a unique identifier in the user's request.
This protection mechanism has been available for many years when Microsoft identified the one-click attack, now more commonly referred to as XSRF.