diff --git a/src/Web/Grand.Web.AdminShared/Controllers/BaseLoginController.cs b/src/Web/Grand.Web.AdminShared/Controllers/BaseLoginController.cs
index 7d39fd990..0e3905031 100644
--- a/src/Web/Grand.Web.AdminShared/Controllers/BaseLoginController.cs
+++ b/src/Web/Grand.Web.AdminShared/Controllers/BaseLoginController.cs
@@ -139,6 +139,7 @@ await _messageProviderService.SendCustomerEmailTokenValidationMessage(customer,
     }
 
     [HttpPost]
+    [ValidateAntiForgeryToken]
     public async Task<IActionResult> TwoFactorAuthorization(string token,
         [FromServices] ITwoFactorAuthenticationService twoFactorAuthenticationService)
     {