在ajax调用后为表单重新生成AntiForgeryToken [英] Regenerating AntiForgeryToken for form after ajax call

问题描述

以下

Following asp-net core docs I successfully call my actions using ajax and add the antiforgery token as a header.

现在，我想按每个请求"进行此验证.Ajax调用不会刷新表单和验证令牌，对于所有后续请求都是相同的.可以，但是不满足我的安全要求.

Now I want to make this validation "per request". The ajax call is not refreshing the form and the validation token it's the same for all subsequent requests. Which works ok but does not satisfy my security requirements.

我想在响应中附加一个新令牌，更新表单，并确保一旦我使用了不再有效的令牌.

I would like to attach to my response a new token, update the form and be sure that once I used a token that is not valid anymore.

推荐答案

您必须在每个请求上调用以下代码:-

You have to call below code on every request:-

var token = antiforgery.GetAndStoreTokens(httpContext);
        context.Response.Cookies.Append(requestTokenCookieName, tokens.RequestToken, new CookieOptions()
                        {
                            HttpOnly = false, 
                            Secure = true
                        });

它将创建新令牌并将其添加到响应中.但是，对每个请求调用上面的代码并没有那么多好处.

It will create new token and will add it to the response. But calling above code on every request is not all that beneficial.

有关防伪的更多信息，请参见以下链接:-如何用angular2应用程序和网络核心应用程序实现X-XSRF-TOKEN?

Please see the below link for more detail on Antiforgery:- How to implement X-XSRF-TOKEN with angular2 app and net core app?

这篇关于在ajax调用后为表单重新生成AntiForgeryToken的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！