@ Html.AntiForgeryToken()的用途是什么? [英] What is the use of @Html.AntiForgeryToken()?
问题描述
为什么我们需要使用@Html.AntiForgeryToken()
?
我进行了搜索,但没有得到满意的答复.
Why we need to use @Html.AntiForgeryToken()
?
I searched but I didn't get satisfactory answer.
推荐答案
这是一项安全功能,可帮助保护您的应用程序免受跨站点请求伪造的侵害.
This is a security feature to help protect your application against cross-site request forgery.
示例:
让我们假设您在Web应用程序中具有注册功能.您有一个AccountController
(somename.com/account/register
),您希望人们在此提交他们的信息.通常,在有人发布注册信息之前,需要先访问实际(somename.com/account/register
)而不是提交表单.
Let's assume you have a register functionality in your web app. You have an AccountController
(somename.com/account/register
) where you expect people to submit their info. Normally before someone posts the registration information needs to visit the actual (somename.com/account/register
) than submit the form.
假设我是个坏人,我想用垃圾信息淹没您的服务器,我所要做的就是继续直接发布到(somename.com/account/register
),而无需访问您的网站.因此,为了阻止我,您实现了AntiForgeryToken,以便可以确保在提交注册信息之前我已经访问了该页面.
Let say I am a bad guy and I want to flood your server with junk info all I need to do is just keep posting directly to (somename.com/account/register
) without visiting your site. So in order to stop me you implement AntiForgeryToken so you can make it sure I visited the page before I submitted the registration information.
另一个示例是 http://www.binaryintellect.net/articles/20e546b4-3ae9-416b-878e-5b12434fe7a6.aspx .
这篇关于@ Html.AntiForgeryToken()的用途是什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!