Edllx.Dotnet.CSRF
1.1.2
dotnet add package Edllx.Dotnet.CSRF --version 1.1.2
NuGet\Install-Package Edllx.Dotnet.CSRF -Version 1.1.2
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="Edllx.Dotnet.CSRF" Version="1.1.2" />
For projects that support PackageReference, copy this XML node into the project file to reference the package.
<PackageVersion Include="Edllx.Dotnet.CSRF" Version="1.1.2" />
<PackageReference Include="Edllx.Dotnet.CSRF" />
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package.
paket add Edllx.Dotnet.CSRF --version 1.1.2
The NuGet Team does not provide support for this client. Please contact its maintainers for support.
#r "nuget: Edllx.Dotnet.CSRF, 1.1.2"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
#addin nuget:?package=Edllx.Dotnet.CSRF&version=1.1.2
#tool nuget:?package=Edllx.Dotnet.CSRF&version=1.1.2
The NuGet Team does not provide support for this client. Please contact its maintainers for support.
🔐 CSRF Protection: Signed Double-Submit Cookie
This implementation enables Cross-Site Request Forgery (CSRF) protection using the Signed Double-Submit Cookie pattern.
🧱 Blazor Server Setup
Configure CSRF in your Blazor Server app by registering the CSRFService:
builder.Services.AddSingleton(typeof(Program).Assembly);
builder.Services.AddSingleton<CSRFService>(s =>
{
return new CSRFService(secretKey, tokenName, cookieName, domain);
});
// Add CSRF middleware
app.UseCSRFBlazorServer();
🛠️ ASP.NET Core API Setup
In your ASP.NET Core API project, register the same CSRFService with matching configuration:
builder.Services.AddSingleton<CSRFService>(s =>
{
return new CSRFService(secretKey, tokenName, cookieName, domain);
});
// Add CSRF middleware
app.UseCSRFApi();
Both the server and API must use the same secret key and configuration to ensure proper validation.
🌱 Environment Variable Configuration
Alternatively you can use env variables
CSRF_SECRET_KEY=""
CSRF_HEADER_NAME=""
CSRF_COOKIE_NAME=""
DOMAIN=""
Then, load them into your application using DotNetEnv:
// Load environment variables
// Use DotNetEnv package
Env.Load();
builder.Configuration.AddEnvironmentVariables();
// Register CSRF service
builder.Services.AddSingleton<CSRFService>();
📚 Resources
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net8.0 is compatible. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. net9.0 was computed. net9.0-android was computed. net9.0-browser was computed. net9.0-ios was computed. net9.0-maccatalyst was computed. net9.0-macos was computed. net9.0-tvos was computed. net9.0-windows was computed. net10.0 was computed. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed. |
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.
-
net8.0
- No dependencies.
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.