HOTSPOT
You develop an ASP.NET MVC application. The application includes a feature that allows users to reset their passwords. The feature is enabled by a ForgotPassword controller method and a corresponding Razor view.
You need to prevent Cross-Site Request Forgery (CSRF) attacks.
How should you complete the relevant code? To answer, select the appropriate code segment from each list in the answer area.
Hot Area:
Correct Answer:
Explanation/Reference:
Example:
*At the top of the action that we created to handle the posted form, the one with the [HttpPost] attribute added, we’ll add another attribute named [ValidateAntiForgeryToken]. This makes the start of our action now look like the following:
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult ChangeEmail(ChangeEmailModel model)
{
    string username = WebSecurity.CurrentUserName;
    // rest of function omitted
}
*We must also add the unique token to the form that changes the user’s email when we display it. Update the form in the ChangeEmail.aspx view under /Account/ChangeForm:
<% using (Html.BeginForm()) { %>
    <%: Html.AntiForgeryToken() %>
    <%: Html.TextBoxFor(t => t.NewEmail) %>
    <input type="submit" value="Change Email" />
<% } %>
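The explanation above depends on every posted action carrying both attributes, so a build-time check for actions that were missed is useful. The following is an added example, not code from the original page or from ASP.NET itself: it uses reflection to list [HttpPost] actions that lack [ValidateAntiForgeryToken]. The names AccountController, ForgotPasswordModel, AntiForgeryAudit and Program are hypothetical, and the project is assumed to reference System.Web.Mvc.

```csharp
// Added example, not from the original page. Assumes a reference to System.Web.Mvc.
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using System.Web.Mvc;

// Hypothetical model and controller, constructed as sample input for the audit.
public class ForgotPasswordModel { public string Email { get; set; } }

public class AccountController : Controller
{
    [HttpPost]
    [ValidateAntiForgeryToken]   // protected: the token is validated before the body runs
    public ActionResult ForgotPassword(ForgotPasswordModel model) { return View(model); }

    [HttpPost]                   // constructed gap: no token validation, so the audit reports it
    public ActionResult ChangeEmail(string newEmail) { return View(); }
}

public static class AntiForgeryAudit
{
    // Lists "Controller.Action" for each [HttpPost] action that has no
    // [ValidateAntiForgeryToken] on the method or on its controller class.
    // Limitation: actions marked [AcceptVerbs(HttpVerbs.Post)] are not examined.
    public static IList<string> FindUnprotectedPostActions(Assembly assembly)
    {
        return assembly.GetTypes()
            .Where(t => typeof(Controller).IsAssignableFrom(t) && !t.IsAbstract)
            .SelectMany(t => t.GetMethods(BindingFlags.Instance | BindingFlags.Public))
            .Where(m => m.IsDefined(typeof(HttpPostAttribute), true))
            .Where(m => !m.IsDefined(typeof(ValidateAntiForgeryTokenAttribute), true)
                     && !m.ReflectedType.IsDefined(typeof(ValidateAntiForgeryTokenAttribute), true))
            .Select(m => m.ReflectedType.Name + "." + m.Name)
            .ToList();
    }
}

public static class Program
{
    public static int Main()
    {
        var missing = AntiForgeryAudit.FindUnprotectedPostActions(typeof(AccountController).Assembly);
        foreach (var name in missing)
            System.Console.WriteLine("Missing [ValidateAntiForgeryToken]: " + name);
        return missing.Count == 0 ? 0 : 1;   // non-zero exit code fails a build step
    }
}
```

The attribute alone is not enough: the form that posts to the action must still emit the token with Html.AntiForgeryToken(), which this check does not inspect.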