In an ASP.NET MVC application, we use @Html.AntiForgeryToken()
in the user login form. Then in the controller, the [ValidateAntiForgeryToken]
filter helps validate the token to prevent automated login attempt.
Now we are building angular apps and I wonder if we should add [ValidateAntiForgeryToken]
to our ApiController, and how the Anti-forgery token will be generated in this situation. Any advice?