Anti-Forgery Tokens and ASP.NET Core APIs

added by DotNetKicks
2/6/2017 2:19:59 PM

4 Kicks, 539 Views

In modern web programming, you can never have too many tokens. There are access tokens, refresh tokens, anti-XSRF tokens, and more. It's the last type of token that I've gotten a lot of questions about recently. Specifically, does one need to protect against cross site requests forgeries when building an API based app?