The Template for an MVC 4.5.3 Account Controller has the following code:

        [HttpPost]
        [ValidateAntiForgeryToken]
        public ActionResult LogOff()
        {
            AuthenticationManager.SignOut();
            return RedirectToAction("Index", "Home");
        }

Why does it need the first two attributes? I commented them out and simply called the function through a @Html.ActionLink() and it gets the job done. Is there any scenario in which this is required or would be beneficial to implement?

Edit: I understand the purpose of the ValidateAntiForgeryToken and the HttpPost attributes. Let me rephrase myself. How would I call this function with those attributes? Would it be through an API? I just wanted to create a simple button with an @Html.ActionLink() to LogOff. Is there a way I can approach this and keep the attributes?

  • possible duplicate of [ValidateAntiForgeryToken purpose, explanation and example](http://stackoverflow.com/questions/13621934/validateantiforgerytoken-purpose-explanation-and-example) – jamesSampica Apr 11 '15 at 04:33
  • Related to HttpPost attribute. http://stackoverflow.com/questions/705782/why-shouldnt-data-be-modified-on-an-http-get-request – jamesSampica Apr 11 '15 at 04:34
  • In regards to your edit, the template provides a good way to keep these attributes. You definitely don't want just an anchor tag that logs people off (for reasons provided in the links provided) – jamesSampica Apr 11 '15 at 04:43
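
One way to keep both attributes and still render a log-off control in a Razor view, shown as an added example that is not part of the original question or its comments. It assumes the `LogOff` action above lives on a controller named `AccountController`; the form id `logoutForm` is an arbitrary name.

```cshtml
@* Added example. Assumes the LogOff action from the question is on
   AccountController; "logoutForm" is an arbitrary id. *@

@* Does not reach the action while the attributes are in place:
   ActionLink renders a plain <a href>, so the browser sends a GET,
   which [HttpPost] rejects, and no anti-forgery token is sent. *@
@Html.ActionLink("Log off", "LogOff", "Account")

@* Works with both attributes: the form submits a POST, and
   AntiForgeryToken() emits the hidden __RequestVerificationToken field
   that [ValidateAntiForgeryToken] checks against the anti-forgery cookie. *@
@using (Html.BeginForm("LogOff", "Account", FormMethod.Post, new { id = "logoutForm" }))
{
    @Html.AntiForgeryToken()
    <button type="submit">Log off</button>
}
```

The button can be styled with CSS to look like a link; the request stays a POST carrying the token, so the sign-out is only honoured when it comes from a page the application itself rendered.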

0 Answers