Friday, 25 May 2012

MVC3 - Securing with Authentication and Anti-forgery by Default

Following on from my post about securing MVC3 application by use of global filters, I have released today a package on that can be installed to do this automatically.

In addition to requiring to set explicit anonymous access for controller actions you want to be accessible anonymously, there is also ad additional filter for anti-forgery tokens. The additional filter requires you to pass an anti-forgery token in every form post.

Please download the package and let me know what you think! 

1 comment:

  1. This is an excellent idea - where did you get the idea to merge the Anti-Forgery token functionality with it? ;o)