I've been trying to search for an alternative for browsers that have disabled cookies in their browser and forms that require the antiforgerytoken for validation. How should a case like this be handled?
Any suggestions or alternatives to preventing CSRF in ASP.Net MVC forms would be greatly appreciated.
Thanks you!
On
There are a number of alternatives to using AntiForgeryTokens stored in session as part of the Synchroniser Token Pattern. One method gaining traction is the Encrypted Token Pattern, implemented by a Framework called ARMOR. The premise here is that you need neither Session nor cookies in order to maintain CSRF protection in a stateless manner, which won't be interrupted by browser settings, particularly the disabling of cookies.
You can create your own CUSTOM ANTIFORGERYTOKEN FILTER for more details check the links...
http://forums.asp.net/t/1938599.aspx
http://www.prideparrot.com/blog/archive/2012/7/securing_all_forms_using_antiforgerytoken