Disable request verification token in ASP.NET Core
NickName:ThomasArdal Ask DateTime:2020-02-28T15:21:53

Disable request verification token in ASP.NET Core

ASP.NET Core MVC seems to inject a request verification token in all of my forms:

<form class="actions" method="post">
    <input type="submit" class="btn btn-primary" value="Yes">
    <a class="btn btn-secondary" href="/some/url">No</a>
    <input name="__RequestVerificationToken" type="hidden" value="...">
</form>

I'm handling CSRF in Ajax and don't want this extra input element in all of my forms. Any way to disable it?

The element is added even without a call to AddAntiforgery in Startup.cs. I'm running on ASP.NET Core 3.1.

Copyright Notice:Content Author:「ThomasArdal」,Reproduced under the CC 4.0 BY-SA copyright license with a link to the original source and this disclaimer.
Link to original article:https://stackoverflow.com/questions/60447005/disable-request-verification-token-in-asp-net-core

Answers
Elendil Zheng-MSFT 2020-02-28T08:16:12

Antiforgery middleware is added to the Dependency injection container when one of the following APIs is called in Startup.ConfigureServices:\n\nAddMvc\nMapRazorPages\nMapControllerRoute\nMapBlazorHub\n\n\nDetails please check this document\n\nTo disable it, try below IgnoreAntiforgeryToken attribute\n\n[Authorize]\n[AutoValidateAntiforgeryToken]\npublic class ManageController : Controller\n{\n [HttpPost]\n [IgnoreAntiforgeryToken]\n public async Task<IActionResult> DoSomethingSafe(SomeViewModel model)\n {\n // no antiforgery token required\n }\n}\n\n\nDetails can be found here",

mcNux 2021-06-10T14:30:20

The token is appended by the Form Tag Helper. If you don't need the other features of the Tag Helper, it can be removed using @removeTagHelper (in view or globally by adding to _ViewImports.cshtml):\n@removeTagHelper Microsoft.AspNetCore.Mvc.TagHelpers.FormTagHelper, Microsoft.AspNetCore.Mvc.TagHelpers\n\nSee ASP.NET Core documentation for further details/options.",

Products recommended by Amazon
More >>>
SanDisk 128GB microSDXC-Card, Licensed for Nintendo-Switch - SDSQXAO-128G-GNCZN
SanDisk 128GB microSDXC-Card, Licensed for Nintendo-Switch - SDSQXAO-128G-GNCZN
 HUANUO Dual Monitor Stand - Adjustable Spring Monitor Desk Mount Swivel Vesa Bracket with C Clamp, Grommet Mounting Base for 13 to 27 Inch Computer Screens - Each Arm Holds 4.4 to 14.3lbs
HUANUO Dual Monitor Stand - Adjustable Spring Monitor Desk Mount Swivel Vesa Bracket with C Clamp, Grommet Mounting Base for 13 to 27 Inch Computer Screens - Each Arm Holds 4.4 to 14.3lbs
 AMD Ryzen 5 5600X 6-core, 12-Thread Unlocked Desktop Processor with Wraith Stealth Cooler
AMD Ryzen 5 5600X 6-core, 12-Thread Unlocked Desktop Processor with Wraith Stealth Cooler
 Timberland Men's 6-Inch Premium Waterproof Boot
Timberland Men's 6-Inch Premium Waterproof Boot
More about “Disable request verification token in ASP.NET Core” related questions
Disable request verification token in ASP.NET Core

ASP.NET Core MVC seems to inject a request verification token in all of my forms: &lt;form class="actions" method="post"&gt; &lt;input type="submit" class="btn btn-primary" value="Y

Show Detail
Disable EF Core Migration verification query

I'm running an asp.net core 2.1.4 web application with entity framework core 2.1.4 using code first. The migration and seed are done on application startup. I've noticed a couple of EF queries che...

Show Detail
Email confirmation using a custom verification token/code in asp.net core

I am trying to implement a short code (6digits) for Email Confirmation using Asp.Net Identity Core. Currently, I am using the existing implementation which is TotpSecurityStampBasedTokenProvider .

Show Detail
Append a bearer token to a git request or disable core dump

I have a problem with git and core dumps.  I try to operate git via CLI commands and the authentication method is a bearer token. Since I run those commands in a AWS Lambda, I only have the /tmp/

Show Detail
Single time use Jwt Token for email verification in asp.net core with angular 6

I, am using jwt token for one time email verification. Here is the c# code to generate jwt token public string OneTimeTokenGenerationForVerification(string userName, int expireTime, string secret...

Show Detail
skip token verification for GET request

I want skip token verification for GET method in express. I want to allow GET request for everyone while just post, put, delete request by authorized user.below is my logic but the response hanging...

Show Detail
Send Email verification code with out asp.net core identity

I know there is possible way to create&amp;send email verification code using asp.net core identity. But in my case I dont want to setup all tables which asp.net core identity uses. I am thinking to

Show Detail
.NET Core - disable all SSL validation

I'm working on a .NET Core app where verification of a 3rd party SSL certificate (occurring across a VPN) is failing (the server cert isn't properly signed with a root CA so can't be verified using

Show Detail
temporarily enable/disable ASP.NET Core request handling

is there a way to disable request handling temporarily in an ASP.NET core host? I initialize the host at startup, but my app needs some time to be fully operational.. so while I need the host to st...

Show Detail
how to send jwt authentication token in a rest request in asp.net core

Can someone tell me how to send jwt authentication token for every rest request send from asp.net core to the web APi, Does there is need to create a secret key to sign the token signature? Can we...

Show Detail