Security Considerations
If your application contains an editable ASPxDiagram control, we recommend that you use an AntiForgery token to prevent cross-site request forgery (CSRF) attacks, because the control synchronizes its data with the server.
Note that authorization mechanisms that deny access through insecure direct object references (for example, example.com/app/SecureReport.aspx?id=1) do not protect you from CSRF attacks: a forged request is sent from the browser of a user who is already authorized, so it passes those checks.
For more information, review the following topic: Preventing Cross-Site Request Forgery (CSRF).
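One way to apply the recommendation above on a Web Forms page, shown as an added example that is not DevExpress code. The class name `CsrfProtectedPage` is hypothetical. The example assumes that the project references System.Web.WebPages, that the page markup emits the token inside its server form, and that the control's synchronization requests are POSTs of that form.

```csharp
using System;
using System.Web;
using System.Web.Helpers;   // AntiForgery (System.Web.WebPages assembly)
using System.Web.Mvc;       // HttpAntiForgeryException (System.Web.WebPages assembly)
using System.Web.UI;

// Hypothetical base class for pages that host the editable diagram.
// Assumption: the page markup renders the token inside the server form:
//   <form id="form1" runat="server">
//       <%= System.Web.Helpers.AntiForgery.GetHtml() %>
//       ...
//   </form>
public class CsrfProtectedPage : Page
{
    protected override void OnInit(EventArgs e)
    {
        base.OnInit(e);

        // Only POST requests carry the hidden form token, so only they are validated.
        if (!string.Equals(Request.HttpMethod, "POST", StringComparison.OrdinalIgnoreCase))
            return;

        try
        {
            // Compares the hidden form field with the anti-forgery cookie and
            // throws if either one is missing or they do not match.
            AntiForgery.Validate();
        }
        catch (HttpAntiForgeryException ex)
        {
            // Abort the page lifecycle before any control processes the posted data.
            throw new HttpException(403, "Anti-forgery token validation failed.", ex);
        }
    }
}
```

A page that hosts the diagram then inherits from `CsrfProtectedPage` instead of `System.Web.UI.Page`, so a cross-site POST that lacks the token is rejected in `OnInit`.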