I'm using the global AutoValidateAntiforgeryTokenAttribute configured in Startup.cs, but I need to disable it for two Actions, is there a way to override this or is it all or none when done this way? I'd rather not add the Attribute to every Action when there are only two Actions in the entire application that don't need it...
public IServiceProvider ConfigureServices(IServiceCollection services)
{
services.AddMvc(options => {
options.Filters.Add(new AutoValidateAntiforgeryTokenAttribute());
});
}
After searching the documentation for a while longer, I found the answer... The action method can be decorated with the IgnoreAntiforgeryToken Attribute.
[HttpPost]
[AllowAnonymous]
[IgnoreAntiforgeryToken]
public async Task<IActionResult> MyAction()
{ ... }