Hi,
I have created an ASP.Net Web Forms application using Visual Studio 2015 and I am using .NET Framework 4.6.
My web application has a Site.master file I have something like this in Site.master file:
<body>
<form id="form1" runat=”server”>
<navbar...my dropdown menu goes here>
</navbar>
</form>
</body>
i need to include <form id="form1" runat=”server”> inside my site.master file because I have other pages that are pulling data from the database and I am using site.master page to control the layout.
When my application was scanned using Fortify security software it was giving me the Cross-Site Request Forgery (CSRF) vulnerability on site.master page.
The finding was: "The form post must contain a user-specific secret in order to prevent an attacker from making unauthorized requests"
And it highllights this code <form id="form1" runat=”server”> in yellow.
I haven't found many articles whcih talk about ASP.NET Web Forms and therefore I am stuck with it.
Your help is greatly appreciated. Thanks so much