diff --git a/samples/IdentitySample.Mvc/Controllers/ManageController.cs b/samples/IdentitySample.Mvc/Controllers/ManageController.cs index 1ea61e2e35..256b33e75d 100644 --- a/samples/IdentitySample.Mvc/Controllers/ManageController.cs +++ b/samples/IdentitySample.Mvc/Controllers/ManageController.cs @@ -176,7 +176,8 @@ namespace IdentitySamples.Controllers // // GET: /Manage/RemovePhoneNumber - [HttpGet] + [HttpPost] + [ValidateAntiForgeryToken] public async Task RemovePhoneNumber() { var user = await GetCurrentUserAsync(); diff --git a/samples/IdentitySample.Mvc/Views/Manage/Index.cshtml b/samples/IdentitySample.Mvc/Views/Manage/Index.cshtml index fba368f83e..79a2d97ddb 100644 --- a/samples/IdentitySample.Mvc/Views/Manage/Index.cshtml +++ b/samples/IdentitySample.Mvc/Views/Manage/Index.cshtml @@ -5,30 +5,26 @@

@ViewData["Title"].

@ViewData["StatusMessage"]

+

Change your account settings

Password:
- [ @if (Model.HasPassword) { - Change + [  Change  ] } else { - Create + [  Create  ] } - ]
External Logins:
- - @Model.Logins.Count [ Manage ] + @Model.Logins.Count [  Manage  ]
- -
Phone Number:

@@ -36,18 +32,19 @@ See this article for details on setting up this ASP.NET application to support two-factor authentication using SMS.

- @*@(Model.PhoneNumber ?? "None") [ + @*@(Model.PhoneNumber ?? "None") @if (Model.PhoneNumber != null) { - Change - @:  |  - Remove +
+ [  Change  ] +
+ [] +
} else { - Add - } - ]*@ + [  Add  ] + }*@
Two-Factor Authentication:
@@ -59,21 +56,15 @@ @*@if (Model.TwoFactor) {
- - Enabled - - + Enabled []
} else {
- - Disabled - - + [] Disabled
}*@
-
+ \ No newline at end of file diff --git a/samples/Interop45/Controllers/ManageController.cs b/samples/Interop45/Controllers/ManageController.cs index 25bce33289..1ae5a3d7eb 100644 --- a/samples/Interop45/Controllers/ManageController.cs +++ b/samples/Interop45/Controllers/ManageController.cs @@ -196,6 +196,8 @@ namespace Interop45.Controllers // // GET: /Manage/RemovePhoneNumber + [HttpPost] + [ValidateAntiForgeryToken] public async Task RemovePhoneNumber() { var result = await UserManager.SetPhoneNumberAsync(User.Identity.GetUserId(), null); diff --git a/samples/Interop45/Views/Manage/Index.cshtml b/samples/Interop45/Views/Manage/Index.cshtml index de3a7c21a6..997ca9b708 100644 --- a/samples/Interop45/Views/Manage/Index.cshtml +++ b/samples/Interop45/Views/Manage/Index.cshtml @@ -39,18 +39,17 @@ @*
Phone Number:
- @(Model.PhoneNumber ?? "None") [ - @if (Model.PhoneNumber != null) - { - @Html.ActionLink("Change", "AddPhoneNumber") - @:  |  - @Html.ActionLink("Remove", "RemovePhoneNumber") - } - else - { - @Html.ActionLink("Add", "AddPhoneNumber") - } - ] + @(If(Model.PhoneNumber, "None")) + @If (Model.PhoneNumber <> Nothing) Then + @
+ @[  @Html.ActionLink("Change", "AddPhoneNumber")  ] + @Using Html.BeginForm("RemovePhoneNumber", "Manage", FormMethod.Post, New With {.class = "form-horizontal", .role = "form"}) + @Html.AntiForgeryToken + @[] + End Using + Else + @[  @Html.ActionLink("Add", "AddPhoneNumber")   ] + End If
*@
Two-Factor Authentication: