DevExpress-Examples/asp-net-core-dashboard-antiforgery
How to apply antiforgery request validation to the ASP.NET Core Dashboard control.
BI Dashboard for ASP.NET Core - How to Prevent Cross-Site Request Forgery (CSRF) Attacks
The following example applies antiforgery request validation to the DevExpress ASP.NET Core Dashboard control.
Example Overview
Follow the steps below to apply antiforgery request validation.
Configure a custom dashboard controller

- Create a custom dashboard controller. If you already have a custom controller, you can skip this step.

```cs
using DevExpress.DashboardAspNetCore;
using Microsoft.AspNetCore.DataProtection;

namespace AspNetCoreDashboardPreventCrossSiteRequestForgery.Controllers {
    public class CustomDashboardController : DashboardController {
        public CustomDashboardController(CustomDashboardConfigurator configurator, IDataProtectionProvider dataProtectionProvider = null)
            : base(configurator, dataProtectionProvider) {
        }
    }
}
```

- Change the default routing so that dashboard requests go to the created controller.

```cs
app.UseEndpoints(endpoints => {
    endpoints.MapDashboardRoute("dashboardControl", "CustomDashboard");
    // ...
});
```

- Specify the controller name in the Web Dashboard settings.

```cshtml
@(Html.DevExpress().Dashboard("dashboardControl1")
    ...
    .ControllerName("CustomDashboard")
)
```

Add validation for AntiforgeryToken
- Add the Antiforgery service. The header name configured here must match the header the dashboard client sends (set in the last step below).

```cs
services.AddAntiforgery(options => {
    // Cookie properties (name, HttpOnly, SameSite, SecurePolicy) are set through options.Cookie.
    options.FormFieldName = "X-CSRF-TOKEN";
    options.HeaderName = "X-CSRF-TOKEN";
    options.SuppressXFrameOptionsHeader = false;
});
```

- Add the AutoValidateAntiforgeryToken attribute to the custom controller. The filter validates the token on every request that uses an unsafe HTTP method (POST, PUT, PATCH, DELETE) and rejects a missing or invalid token with HTTP 400 Bad Request; GET, HEAD, OPTIONS and TRACE requests are not validated.

```cs
[AutoValidateAntiforgeryToken]
public class CustomDashboardController : DashboardController {
    // ...
}
```

- Configure the Web Dashboard control's backend options so that the client sends the request token in the X-CSRF-TOKEN header. GetAndStoreTokens writes the cookie token to the response and returns the matching request token. In a Razor Page, HttpContext is available as shown; in an MVC view, use Context instead.

```cshtml
@inject Microsoft.AspNetCore.Antiforgery.IAntiforgery Xsrf
@(Html.DevExpress().Dashboard("dashboardControl1")
    ...
    .ControllerName("CustomDashboard")
    .BackendOptions(backendOptions => {
        backendOptions.RequestHttpHeaders(headers => {
            headers.Add("X-CSRF-TOKEN", Xsrf.GetAndStoreTokens(HttpContext).RequestToken);
        });
    })
)
```

Files to Review
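The steps above combined into one minimal Startup class, as an added example that is not code from the DevExpress repository. It uses the base DashboardConfigurator in place of the repository's CustomDashboardConfigurator, and the dashboard storage folder App_Data/Dashboards and the use of Razor Pages are assumptions; AddDevExpressControls, UseDevExpressControls, MapDashboardRoute and DashboardFileStorage are the standard ASP.NET Core Dashboard registration API.

```csharp
// Added example, not the repository's own code. Assumptions: Razor Pages host,
// dashboards stored as files under App_Data/Dashboards, base DashboardConfigurator.
using System.IO;
using DevExpress.AspNetCore;
using DevExpress.DashboardAspNetCore;
using DevExpress.DashboardWeb;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

namespace AspNetCoreDashboardPreventCrossSiteRequestForgery {
    // Every unsafe-method request (POST, PUT, PATCH, DELETE) routed to this controller
    // must carry a valid antiforgery token in the X-CSRF-TOKEN header, otherwise it is
    // answered with 400 Bad Request before the dashboard action runs.
    [AutoValidateAntiforgeryToken]
    public class CustomDashboardController : DashboardController {
        public CustomDashboardController(DashboardConfigurator configurator,
            IDataProtectionProvider dataProtectionProvider = null)
            : base(configurator, dataProtectionProvider) {
        }
    }

    public class Startup {
        readonly IWebHostEnvironment env;
        public Startup(IWebHostEnvironment env) { this.env = env; }

        public void ConfigureServices(IServiceCollection services) {
            services.AddRazorPages();
            services.AddDevExpressControls();
            services.AddMvc();

            // The header name must match what the Razor view puts into
            // BackendOptions.RequestHttpHeaders, otherwise every dashboard POST fails.
            services.AddAntiforgery(options => {
                options.FormFieldName = "X-CSRF-TOKEN";
                options.HeaderName = "X-CSRF-TOKEN";
                options.SuppressXFrameOptionsHeader = false;   // keep X-Frame-Options: SAMEORIGIN
                options.Cookie.HttpOnly = true;                // the cookie token is never read by script
                options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
                options.Cookie.SameSite = SameSiteMode.Strict;
            });

            // Assumed storage location; replace with the project's own storage setup.
            services.AddScoped<DashboardConfigurator>(serviceProvider => {
                var configurator = new DashboardConfigurator();
                configurator.SetDashboardStorage(
                    new DashboardFileStorage(Path.Combine(env.ContentRootPath, "App_Data", "Dashboards")));
                return configurator;
            });
        }

        public void Configure(IApplicationBuilder app) {
            app.UseHttpsRedirection();
            app.UseStaticFiles();
            app.UseDevExpressControls();
            app.UseRouting();
            app.UseEndpoints(endpoints => {
                // Dashboard backend requests under /dashboardControl go to the
                // token-validating CustomDashboardController, not the default one.
                endpoints.MapDashboardRoute("dashboardControl", "CustomDashboard");
                endpoints.MapRazorPages();
            });
        }
    }
}
```

A quick check once the application runs: a POST to any route under /dashboardControl issued without the X-CSRF-TOKEN header, or with a token copied from another session, must come back as 400 Bad Request, while the dashboard page itself and its GET requests keep working. If the page loads but every dashboard action fails with 400, the header name in AddAntiforgery and in RequestHttpHeaders do not match.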
Documentation
- Web Dashboard - Security Considerations
- Prevent Cross-Site Request Forgery (XSRF/CSRF) attacks in ASP.NET Core
- CA3147: Mark verb handlers with ValidateAntiForgeryToken
More Examples