In this article I will explain with an example, how to use AntiForgery Token with Submit in ASP.Net Core (.Net Core 8) Razor Pages.
Note: For beginners in ASP.Net Core (.Net Core 8) Razor Pages, please refer my article ASP.Net Core 8 Razor Pages: Hello World Tutorial with Sample Program example.
 
 

Razor PageModel (Code – Behind)

The PageModel consists of following Handler methods.

Handler method for handling GET operation

This Handler method handles the GET calls, for this particular example it is not required and hence left empty.
 

Handler method for handling Post operation

This Handler method handles the call made from the Post function from the Razor Pages.
Inside this Handler method, the value of firstName and lastName is assigned to the Name Property
 
The Index model has been assigned with the following attribute.
ValidateAntiForgeryToken: The ValidateAntiForgeryToken attribute is used to prevent cross-site request forgery attacks.
Note: A cross-site request forgery is an attack is done by sending harmful script element, malicious command, or code from the user’s browser.
 
[ValidateAntiForgeryToken]
public class IndexModel : PageModel
{
    public string Name { getset; }
    public void OnGet()
    {
    }
 
    public void OnPostSubmit(string firstNamestring lastName)
    {
        this.Name = string.Format("Name: {0} {1}", firstName, lastName);
    }
}
 
 

Razor Page (HTML)

HTML Markup

Inside the Razor Page, the ASP.Net TagHelpers is inherited.
The HTML of Razor Page consists of an HTML Form which has been created using the ASP.Net TagHelpers with the following attribute.
method – It specifies the Form Method i.e. GET or POST. In this case it will be set to POST.
The Anti-Forgery Token has been added to the Razor Page using the AntiForgeryToken function of the HTML Helper class.
Note: The AntiForgeryToken function generates an HiddenField with the AntiForgery Token.
 
The HTML of Form consists of following elements.
TextBox – For user input.
Button – For submitting the form.
 

Submitting the form

When the Button is clicked, the Form is submitted.
Finally, the value of the Model object is displayed using Razor syntax.
@page
@model AntiForgery_Submit_Core_Razor.Pages.IndexModel
@addTagHelper*, Microsoft.AspNetCore.Mvc.TagHelpers
@{
     Layout =  null;
}
<!DOCTYPE html>
 
<html>
<head>
    <meta name="viewport" content="width=device-width" />
    <title>Index</title>
</head>
<body>
    <form method="post">
        @Html.AntiForgeryToken()
        <table>
            <tr>
                <td>First Name:</td>
                <td><input type="text" id="txtFirstNamename="FirstName" /></td
            </tr>
            <tr>
                <td>Last Name:</td>
                <td><input type="text" id="txtLastName" name="LastName" /></td
            </tr>
            <tr>
                <td></td>
                <td><input type="submit" value="Submit" asp-page-handler="Submit" /></td>
            </tr>
        </table>
        <hr />
        @Model.Name
    </form>
</body>
</html>
 
 

Screenshot

ASP.Net Core Razor Pages: Using AntiForgery Token with Submit
 
 

Downloads

Download Code