@ Html.AntiForgeryToken()的用途是什么? [英] What is the use of @Html.AntiForgeryToken()?

问题描述

为什么我们需要使用@Html.AntiForgeryToken()? 我进行了搜索，但没有得到满意的答复.

Why we need to use @Html.AntiForgeryToken()? I searched but I didn't get satisfactory answer.

推荐答案

这是一项安全功能，可帮助保护您的应用程序免受跨站点请求伪造的侵害.

This is a security feature to help protect your application against cross-site request forgery.

示例:

让我们假设您在Web应用程序中具有注册功能.您有一个AccountController(somename.com/account/register)，您希望人们在此提交他们的信息.通常，在有人发布注册信息之前，需要先访问实际(somename.com/account/register)而不是提交表单.

Let's assume you have a register functionality in your web app. You have an AccountController (somename.com/account/register) where you expect people to submit their info. Normally before someone posts the registration information needs to visit the actual (somename.com/account/register) than submit the form.

假设我是个坏人，我想用垃圾信息淹没您的服务器，我所要做的就是继续直接发布到(somename.com/account/register)，而无需访问您的网站.因此，为了阻止我，您实现了AntiForgeryToken，以便可以确保在提交注册信息之前我已经访问了该页面.

Let say I am a bad guy and I want to flood your server with junk info all I need to do is just keep posting directly to (somename.com/account/register) without visiting your site. So in order to stop me you implement AntiForgeryToken so you can make it sure I visited the page before I submitted the registration information.

另一个示例是 http://www.binaryintellect.net/articles/20e546b4-3ae9-416b-878e-5b12434fe7a6.aspx .

这篇关于@ Html.AntiForgeryToken()的用途是什么?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！