Implementing AntiForgery Token on ASP.NET 4.6 WebForms

Question

As title i'm trying to implement an AntiForgery Token in Asp.net 4.6 framework. I've a Site.Master page and i'm studying this article to adapt on my site How To Fix Cross-Site Request Forgery (CSRF) using Microsoft .Net ViewStateUserKey and Double Submit Cookie

Now i've converted from c# to vb.net and i put the code in my masterpage.

By compiler notes me that

Page.PreLoad += AddressOf master_Page_PreLoad

is a event and i can't declare directly.

Anyway i don't understand if it's right way to solve problem or exists another way to follow.

The original blog post seems to be no longer available, but the sample code appear to be available in this SO post https://stackoverflow.com/a/52353249/421356 — Christopher Johnson, Dec 01 '21 at 15:12

score 1 · Answer 1 · answered May 03 '20 at 13:33

Solved. With

AddHandler Page.PreLoad, AddressOf master_Page_PreLoad

instead of

Page.PreLoad += AddressOf master_Page_PreLoad

Another things about the goal "Implementing AntiForgery Token on ASP.NET 4.6 WebForm" in the webmethod i had to use

HttpContext.Current.Session("CookieName") to verify token generated on Page_Init because in webmethos you can't use ViewState.

To use Sessione in web method, in declaration of web method you must define EnableSession as

 <WebMethod(EnableSession:=True), ScriptMethod(ResponseFormat:=ResponseFormat.Json, UseHttpGet:=False)> _
Public Function GetFunction(myjson As String) As String.....

Implementing AntiForgery Token on ASP.NET 4.6 WebForms

1 Answers1