Anti Forgery Token in ASP.NET Webforms DataManager

11 Jan 20224 minutes to read

Anti forgery tokens prevents anyone from submitting requests to your site while postback the data that are generated by a malicious script not generated by the actual user.

For this purpose, the input element with hidden value field and name attribute is created. The value from the input element stored in cookies. To enable the anti forgery, set enableAntiForgery property as true.

  • HTML
  • <input type="hidden" name="_ejRequestVerifyToken" value="f2cd20a3-5ae1-4e19-be61-d409191be3b1">
  • HTML
  • <ej:TabItem ID="Grid" Text="FirstGrid" >
        <ej:DataManager runat="server" ID="DataManager" URL="Default.aspx/DataSource" UpdateURL="Default.aspx/Update"  RemoveURL="Default.aspx/Remove" InsertURL="Default.aspx/Insert" Adaptor="WebMethodAdaptor" EnableAntiForgery="true"/>
        <ej:Grid  runat="server"  ID="gridDistributors" EnableViewState="false" AllowPaging="true" Load="OnLoad" DataManagerID="DataManager" >      
               <ej:Column Field="OrderID" HeaderText="OrderID" IsPrimaryKey="true"  TextAlign="Right" />
                    <ej:Column Field="CustomerID"  HeaderText="CustomerID" />
                    <ej:Column Field="EmployeeID" EditType="Dropdown"  Priority="2" HeaderText="EmployeeID"/>
                    <ej:Column Field="Freight" HeaderText="Freight" Format="{0:C2}" TextAlign="Right" />   
           <EditSettings AllowEditing="True" AllowAdding="True" AllowDeleting="True" ></EditSettings>
            <ToolbarSettings ShowToolbar="True" ToolbarItems="add,edit,delete,update,cancel"></ToolbarSettings> 
  • C#
  • [WebMethod]
            [ScriptMethod(ResponseFormat = ResponseFormat.Json)]
            public static object DataSource(DataManager value)
                if (HttpContext.Current.Request.Cookies["_ejRequestVerifyToken"].Value == value.antiForgery)
                    IEnumerable data = GetAllRecords();
                    var count = data.AsQueryable().Count();
                    DataOperations ds = new DataOperations();
                    data = ds.Execute(data, value);
                    return value.RequiresCounts ? new { result = data, count = count } : data as Object;
                return null;

    anti forgery token

    In the header, You can find the anti-forgery token value

    anti forgery header