ValidateAntiForgeryToken 用途、解释和示例 [英] ValidateAntiForgeryToken purpose, explanation and example
问题描述
你能解释一下 ValidateAntiForgeryToken 目的并向我展示有关 MVC 4 中 ValidateAntiForgeryToken 的示例?
我找不到任何解释此属性的示例?
MVC 的防伪支持将唯一值写入 HTTP-only cookie,然后将相同值写入表单.提交页面时,如果 cookie 值与表单值不匹配,则会引发错误.
请务必注意,该功能可防止跨站点请求伪造.也就是说,来自另一个站点的表单发布到您的站点,以尝试使用经过身份验证的用户凭据提交隐藏内容.该攻击涉及诱使登录用户提交表单,或者在页面加载时以编程方式触发表单.
该功能不会阻止任何其他类型的数据伪造或基于篡改的攻击.</p>
要使用它,请使用 ValidateAntiForgeryToken 属性并调用 @Html.AntiForgeryToken() 在发布到方法的表单中.
Could you explain ValidateAntiForgeryToken purpose and show me example about ValidateAntiForgeryToken in MVC 4?
I could not find any examples which explain this attribute?
MVC's anti-forgery support writes a unique value to an HTTP-only cookie and then the same value is written to the form. When the page is submitted, an error is raised if the cookie value doesn't match the form value.
It's important to note that the feature prevents cross site request forgeries. That is, a form from another site that posts to your site in an attempt to submit hidden content using an authenticated user's credentials. The attack involves tricking the logged in user into submitting a form, or by simply programmatically triggering a form when the page loads.
The feature doesn't prevent any other type of data forgery or tampering based attacks.
To use it, decorate the action method or controller with the ValidateAntiForgeryToken attribute and place a call to @Html.AntiForgeryToken() in the forms posting to the method.
这篇关于ValidateAntiForgeryToken 用途、解释和示例的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
