Rename AntiForgeryToken Hidden Input Name from __RequestVerificationToken

(Doing this to obfuscate the ASP.NET MVC Framework in a web application.)

Renamed the cookie with the static AntiForgeryConfig class, via Helpers, in Application_Start.

Global.asax

AntiForgeryConfig.CookieName = "Test"; 

But it is still obvious that AntiForgeryToken is used due to the input name:

Front end:

 <input name="__RequestVerificationToken" type="hidden" value="blahblahblah" /> 

Perhaps the value smells like MVC encoding, but I'm not quite sure what is connected with this. (That is a separate issue, but comments / other approaches are welcome and appreciated regardless.)

+7
2 answers

After checking the source code on CodePlex, it appears that this value is hard-coded as a constant. Therefore, there is no easy way to change this value. You can see it here: http://aspnetwebstack.codeplex.com/SourceControl/latest#src/System.Web.WebPages/Helpers/AntiForgeryConfig.cs

I am surprised that it is not configurable. In any case, it looks like what you want to do is impossible.

However, I advise you to create a feature request on CodePlex and hope that they implement it.

Note: If you want to go really hardcore, you can always download the code and make the changes yourself, but this will probably give you more problems than it solves.

+6

The answer at https://stackoverflow.com/a/3609608/ should get you started.

Changing the input name is nontrivial. Both the Html.AntiForgeryToken helper and the ValidateAntiForgeryToken attribute rely on the input name, which is "__RequestVerificationToken". If you want this to be something else, you will need to bypass the AntiForgery API and create your own versions of both the helper and the attribute to check for your chosen name.

+3