what is the use of [ValidateAntiForgeryToken] and [InitializeSimpleMembership] in MVC

Posted by Ajaykumar.Pusarla under ASP.NET MVC on 1/24/2014 | Points: 10 | Views : 2036 | Status : [Member] | Replies : 1
hi, i am new to MVC i would like to know what happened when we write [ValidateAntiForgeryToken] before action method and what happened when we write [InitializeSimpleMembership] before controller class



Posted by: kgovindarao523-21772 on: 1/24/2014 [Member] [MVP] Bronze | Points: 25


AntiForgeryToken prevents external get requests. So, nobody can use your methods from other sites.
How it works:You are having AntiForgeryToken in your Html.BeginForm in View.

@using (Html.BeginForm()){
//** fields of form

When you submit form, you sends data to your Controller method. If method has ValidateAntiForgeryToken attribute, it validates if data you are sending has your ForgeryToken.
public ViewResult Update()

ForgeryToken is generated ones per session.

The InitializeSimpleMembership Attribute ensures that before any membership (login/register) related functionality is run, that the membership database has been created. If the database is not yet created, the code will automatically create one. If the simple membership initialization fails, the Web Application can continue to run requests that don’t require membership.

Simple membership initialization failure can occur for the following reasons.

1.The most common reason is the connection string to SQL Server is not valid. For example, you might not have SQL Server available. This is a frequent cause of failure in Azure. The ASP.NET MVC 4 templates by default use SqlExpress when created with Visual Studio 2010 and LocalDB when using Visual Studio 2012. SqlExpress is not installed on Azure and LocalDB does not run on Azure.
2.Multiple DBContext objects on the same database.

Thank you,

Ajaykumar.Pusarla, if this helps please login to Mark As Answer. | Alert Moderator

Login to post response