Skip to main content

Generate new token on each request in MVC Ajax post call (Custom Code)

Generate new token on each request in MVC Ajax post call (Custom Code)
Image result for mvc

Step: 1
In controller add below Code to generate new random token and store it in the session
protected string GenerateCSRFToken()
{
 RandomNumberGenerator rng = new RNGCryptoServiceProvider("Add Your Salt String");
 var tokenData = new byte[64];
 rng.GetBytes(tokenData);
 var token = Convert.ToBase64String(tokenData);
 Session["CSRFtoken"] = token.Trim();
 return token;
}

Step: 2
In controller generate new token and pass it to view using ViewData.
public ActionResult Index()
{
 ViewData["CSRFtoken"] = GenerateCSRFToken();
 return View();
}

Step: 3
In View create hidden field and assign ViewData value to it.
<input type="hidden" value="@ViewData["CSRFtoken"]" id="hdnCSRFtoken" />

Step: 4
In View read and pass the hidden field value as method parameter/
<script type="text/javascript">
        ConvertToStringify = function (data) {
            data.name = JSON.stringify(data.name);
            return (data);
        };
        $(document).ready(function () {
            $("#btnAjaxJsonSubmit").click(function (event) {
                var txtvalue = $('#txtName').val();
                var myname = txtvalue;
                var token = $('#hdnCSRFtoken').val();
                $.ajax({
                    url: '@Url.Action("Create", "CSRFAjaxwithJsonStringify")',
                    type: "POST",
                    data: ConvertToStringify({ name: myname, token: token }),
                    dataType: "json",
                    traditional: true,
                    async: true,
                    success: function (response) {
                        $('#hdnCSRFtoken').val(response.CSRFNewToken);
                        alert(response.Message);
                    },
                    error: function (xhr) {
                        debugger;
                        alert(xhr.status);
                    }
                });
            });
        });
    </script>

Step: 5
In Controller validate session token value and parameter value and generate new token on success and pass to View.
public JsonResult Create(string name,string token)
        {
            var sessiontoken = Convert.ToString(Session["CSRFtoken"]);
            if (token == sessiontoken)
            {
                var newtoken = GenerateCSRFToken();
                return Json(new { Success = true, Message = name, CSRFNewToken = newtoken });
            }
            else
            {
                return Json(new { Success = false, Message = "Failed" });
            }
        }

Step: 6
In view update new token in hidden field value on success.
<script type="text/javascript">
        ConvertToStringify = function (data) {
            data.name = JSON.stringify(data.name);
            return (data);
        };
        $(document).ready(function () {
            $("#btnAjaxJsonSubmit").click(function (event) {
                var txtvalue = $('#txtName').val();
                var myname = txtvalue;
                var token = $('#hdnCSRFtoken').val();
                $.ajax({
                    url: '@Url.Action("Create", "CSRFAjaxwithJsonStringify")',
                    type: "POST",
                    data: ConvertToStringify({ name: myname, token: token }),
                    dataType: "json",
                    traditional: true,
                    async: true,
                    success: function (response) {
                        $('#hdnCSRFtoken').val(response.CSRFNewToken);
                        alert(response.Message);
                    },
                    error: function (xhr) {
                        debugger;
                        alert(xhr.status);
                    }
                });
            });
        });
    </script>


Comments