c# what is - ASP.Net MVC CSRF Prevention for JSON POST
I'd like to close the CSRF vulnerability for posting raw JSON via AJAX.

I'm familiar with MVC's mechanism for automating CSRF prevention using the @Html.AntiForgeryToken(); however, if I understand correctly, this mechanism requires that the POST be done with a application/x-www-form-urlencoded (or similar). Is there a built-in mechanism in ASP.Net MVC that will reject CSRFs for POST requests with application/json? If not, am I stuck with putting the anti-forgery into the JSON object itself? Can you recommend a technique for protecting JSON POST requests from CSRF vulnerability with the same level of security as the form-based approach built into ASP.Net MVC?
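
One way to cover JSON POSTs, as an added example that is not part of the original question: keep rendering @Html.AntiForgeryToken() in the page, have the AJAX call copy the hidden field's value into a request header, and validate that header against the anti-forgery cookie in an authorization filter. The attribute name and the header name are assumptions chosen for this sketch, and it relies on the two-argument AntiForgery.Validate overload in System.Web.Helpers.

```csharp
using System;
using System.Web;
using System.Web.Helpers;
using System.Web.Mvc;

// Hypothetical attribute: validates the anti-forgery token pair for requests
// whose body is application/json, where there is no form field to read.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false)]
public sealed class ValidateJsonAntiForgeryTokenAttribute : FilterAttribute, IAuthorizationFilter
{
    // Assumed header name; the client script must send the same one.
    public const string HeaderName = "X-RequestVerificationToken";

    public void OnAuthorization(AuthorizationContext filterContext)
    {
        if (filterContext == null)
        {
            throw new ArgumentNullException("filterContext");
        }

        HttpRequestBase request = filterContext.HttpContext.Request;

        // Cookie half of the pair, set by @Html.AntiForgeryToken() on the page.
        HttpCookie cookie = request.Cookies[AntiForgeryConfig.CookieName];
        string cookieToken = cookie != null ? cookie.Value : null;

        // Request half of the pair. A cross-site form post cannot set a custom
        // header, and a cross-origin script needs a CORS preflight to do so.
        string headerToken = request.Headers[HeaderName];

        try
        {
            // Same check the form-based filter performs, with the request
            // token taken from the header instead of Request.Form.
            AntiForgery.Validate(cookieToken, headerToken);
        }
        catch (HttpAntiForgeryException)
        {
            // Missing or mismatched token: short-circuit before the action runs.
            filterContext.Result = new HttpStatusCodeResult(403, "Anti-forgery validation failed");
        }
    }
}

// Usage on an action that receives a JSON body:
//   [HttpPost, ValidateJsonAntiForgeryToken]
//   public ActionResult Save(OrderModel model) { ... }
```

The client reads the value of the hidden input named __RequestVerificationToken that @Html.AntiForgeryToken() renders and sends it in the header above with each JSON POST.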