Can somebody tell me more details about it?
Using AntiForgeryToken helps mitigate against cross-site request forgery attacks.
When you use it, your form will contain a hidden field and a corresponding cookie will also be set in the browser.
Then, when the form is submitted, the hidden field is checked against the cookie value (assuming that ValidateAntiForgeryTokenAttribute is used): if the field and the cookie match then the form post is probably genuine; if they don't then it's probably not. (An attacker attempting a CSRF attack might be able to forge the hidden field, but they shouldn't be able to also forge the corresponding cookie value.)
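As an added example (not part of the original answer), here is the pairing the answer describes wired up in an ASP.NET MVC 5 controller and Razor view; the AccountController, ChangeEmail action and view path are assumed names.

```csharp
// Views/Account/ChangeEmail.cshtml (Razor view; assumed path)
//
// @using (Html.BeginForm("ChangeEmail", "Account", FormMethod.Post))
// {
//     @Html.AntiForgeryToken()   // emits <input type="hidden" name="__RequestVerificationToken" ...>
//                                // and sets the matching __RequestVerificationToken cookie
//     <input type="email" name="newEmail" />
//     <button type="submit">Change e-mail</button>
// }

using System.Web.Mvc;

public class AccountController : Controller
{
    // GET: renders the form. The hidden field and its cookie are generated
    // by Html.AntiForgeryToken() while the view is rendered.
    [HttpGet]
    public ActionResult ChangeEmail()
    {
        return View();
    }

    // POST: the attribute compares the hidden field with the cookie before
    // the action body runs. A request that carries only one of the two, or a
    // mismatched pair, fails with HttpAntiForgeryException and never gets here.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult ChangeEmail(string newEmail)
    {
        if (string.IsNullOrWhiteSpace(newEmail))
        {
            ModelState.AddModelError("newEmail", "An e-mail address is required.");
            return View();
        }

        // Persist the change for the signed-in user (omitted in this example).
        return RedirectToAction("Index", "Home");
    }
}
```

Only actions carrying the attribute are checked, so every state-changing POST action needs it; the GET action that renders the form does not.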