Using ASP.net MVC v2.0, Any way to change the name of the __RequestVerificationToken cookie? In an effort to conceal our underlying technology stack, I’d like to rename the cookie to something that can’t be traced back to ASP.Net MVC.
More info on this at Steve Sanderson's blog.
Looking at the MVC 2 source code I dont think it's possible to change the cookie name. The AntiForgeryData class starts:
private const string AntiForgeryTokenFieldName = "__RequestVerificationToken";
and to get the cookie name it just calls:
string cookieName = AntiForgeryData.GetAntiForgeryTokenName(ViewContext.HttpContext.Request.ApplicationPath);
in the HtmlHelper class. It takes the application path and converts it to base 64 and appends it onto the end of __RequestVerificationToken which is what you see when you view the source.
If you really need to change the name I'd recommend downloading the MVC 2 source code from codeplex and look at creating your own html helper and anti forgery token using the source code as a reference. But in doing this you could always introduce your own bugs...
Hi I just checked the source ASP.NET MVC 3 Beta and this is not possible there either. I was looking for a way to extract the string "__RequestVerificationToken" instead of hard coding it. Does anyone know where to turn to request this functionality? At codeplex I'm missing a way to explicitly add request to ASP.NET MVC 3.