Nov 26, 2019 02:51 PM | mgebhard
In my case I ask myself if I have to validate the posted data to prevent things like bad formatting... It's an API controller using [ApiController]. My SPA application does this, but this method is allowed for users who are not logged in. I just use the antiforgery validation...
Is this enough to avoid having to do a second validation of the data?
Model validation and antiforgery tokens are two different platform features. Antiforgery mitigates cross site scripting vulnerabilities. If you want this feature then add it to your design.
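An added example, not part of the original post or from either poster: a minimal ASP.NET Core sketch in which the antiforgery token check and model validation run as two independent steps on the same anonymous endpoint. The names `ContactRequest` and `ContactController`, the route, the field limits and the `X-XSRF-TOKEN` header name are assumptions; issuing the token to the SPA is not shown.

```csharp
using System.ComponentModel.DataAnnotations;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

var builder = WebApplication.CreateBuilder(args);

// [ValidateAntiForgeryToken] relies on filter services that
// AddControllersWithViews registers (AddControllers alone does not).
builder.Services.AddControllersWithViews();

// Let the SPA send the request token in a header (name is an assumption).
builder.Services.AddAntiforgery(o => o.HeaderName = "X-XSRF-TOKEN");

var app = builder.Build();
app.MapControllers();
app.Run();

// Hypothetical request model: these attributes are the "second validation".
public class ContactRequest
{
    [Required, EmailAddress, StringLength(254)]
    public string Email { get; set; } = "";

    [Required, StringLength(2000, MinimumLength = 1)]
    public string Message { get; set; } = "";
}

[ApiController]
[Route("api/contact")]
public class ContactController : ControllerBase
{
    // Step 1: the antiforgery filter runs first and answers 400 when the
    //         token is missing or invalid. It never inspects the body.
    // Step 2: [ApiController] then validates ContactRequest and answers 400
    //         with validation details before the action body executes.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public IActionResult Post(ContactRequest request)
    {
        // Reached only when both checks passed.
        return Ok();
    }
}
```

A request with a valid token and an oversized or malformed body is stopped only by step 2, so removing the data annotations leaves the payload unchecked.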