How to invalidate AntiForgeryToken Asp.Net MVC 3


I have implemented AntiForgeryToken in a form. It is working. I want to invalidate it from outside for testing purposes, because I need to see what happens when the AntiForgeryToken is tampered with.

So guide me on how to invalidate/tamper with the AntiForgeryToken to see the exception generated. Also guide me on how to capture the exception in the action method and redirect the user to a page with a friendly message.

A couple of questions about AntiForgeryToken:

1) I want to know in detail how AntiForgeryToken works.

2) Does AntiForgeryToken generate a unique value for each request? If yes, why?

3) A web site may have many pages. Guide me with a few examples of pages or forms where AntiForgeryToken needs to be implemented.

4) Can I write multiple AntiForgeryTokens in the same form? If not, why? Looking for discussion.

Thanks

You can invalidate it by modifying or deleting the `__RequestVerificationToken` cookie before submitting the form.

  1. I can't explain it better than Steve Sanderson.
  2. Once the cookie is set, it is reused for the user's browsing session. You can salt the tokens, and therefore have a different token for different forms. I don't see a reason not to apply it to POST forms and actions.
  3. Any action that modifies state based on user input (a database, the user's session, ...) should be protected using this technique.
  4. Only one token is needed for one form postback. Posting more does not provide additional security and may break MVC.
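
An added example, not part of the original question or answer: one way to turn the `HttpAntiForgeryException` that `[ValidateAntiForgeryToken]` throws for a missing or modified `__RequestVerificationToken` cookie into a redirect with a friendly message. The filter, controller, action and route names are hypothetical; the form is assumed to call `@Html.AntiForgeryToken()`.

```csharp
using System.Web.Mvc;
using System.Web.Routing;

// Hypothetical filter (name chosen for this example). Exception filters also
// see exceptions thrown by authorization filters such as
// [ValidateAntiForgeryToken], so the token failure arrives here.
public class HandleAntiForgeryErrorAttribute : FilterAttribute, IExceptionFilter
{
    public void OnException(ExceptionContext filterContext)
    {
        // Only the anti-forgery failure is handled; every other exception
        // is left to the normal error pipeline.
        if (filterContext.ExceptionHandled ||
            !(filterContext.Exception is HttpAntiForgeryException))
        {
            return;
        }

        // TempData survives the redirect, so the target view can show it.
        // Keep the message generic; log the exception details server-side.
        filterContext.Controller.TempData["FormError"] =
            "Your form could not be verified. Please reload the page and try again.";

        // Hypothetical target: HomeController.FormError renders the message.
        filterContext.Result = new RedirectToRouteResult(
            new RouteValueDictionary(new { controller = "Home", action = "FormError" }));
        filterContext.ExceptionHandled = true;
    }
}

// Hypothetical controller with one state-changing POST action.
public class ProfileController : Controller
{
    [HttpPost]
    [ValidateAntiForgeryToken]   // throws HttpAntiForgeryException when the
                                 // cookie token and form token do not match
    [HandleAntiForgeryError]
    public ActionResult ChangeEmail(string email)
    {
        // Reached only when token validation succeeded.
        return RedirectToAction("Index", "Home");
    }
}
```

To exercise it, load the form, delete or edit the `__RequestVerificationToken` cookie in the browser's developer tools, and submit: the request should land on the friendly page instead of the action body.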
