TFS 937650 - SDL: Mitigate against cross-site request forgery (CSRF) attacks

use ValidateAntiForgeryToken for the actions with HttpPost Method for
JobController

DeviceAdministration/Web/Controllers/JobController.cs

@@ -176,8 +176,9 @@ namespace Microsoft.Azure.Devices.Applications.RemoteMonitoring.DeviceAdmin.Web.
             });
         }
 
-        [RequirePermission(Permission.ManageJobs)]
         [HttpPost]
+        [RequirePermission(Permission.ManageJobs)]
+        [ValidateAntiForgeryToken]
         public async Task<ActionResult> ScheduleTwinUpdate(ScheduleTwinUpdateModel model)
         {
             var twin = new Twin();
@@ -226,8 +227,9 @@ namespace Microsoft.Azure.Devices.Applications.RemoteMonitoring.DeviceAdmin.Web.
             return RedirectToAction("Index", "Job", new { jobId = jobId });
         }
 
-        [RequirePermission(Permission.ManageJobs)]
         [HttpPost]
+        [RequirePermission(Permission.ManageJobs)]
+        [ValidateAntiForgeryToken]
         public async Task<ActionResult> ScheduleIconUpdate(ScheduleTwinUpdateModel model)
         {
             var twin = new Twin() { ETag = "*" };
@@ -267,8 +269,9 @@ namespace Microsoft.Azure.Devices.Applications.RemoteMonitoring.DeviceAdmin.Web.
             });
         }
 
-        [RequirePermission(Permission.ManageJobs)]
         [HttpPost]
+        [RequirePermission(Permission.ManageJobs)]
+        [ValidateAntiForgeryToken]
         public async Task<ActionResult> ScheduleDeviceMethod(ScheduleDeviceMethodModel model)
         {
             string methodName = model.MethodName.Split('(').First();