ValidateAntiForgeryToken purpose, explanation and example


Question

Could you explain the purpose of ValidateAntiForgeryToken (http://msdn.microsoft.com/en-us/library/system.web.mvc.validateantiforgerytokenattribute%28v=vs.100%29.aspx) and show me an example of ValidateAntiForgeryToken in MVC 4?

I could not find any examples which explain this attribute.

Recommended answer

MVC's anti-forgery support writes a unique value to an HTTP-only cookie and then the same value is written to the form. When the page is submitted, an error is raised if the cookie value doesn't match the form value.

It's important to note that the feature prevents cross site request forgeries. That is, a form from another site that posts to your site in an attempt to submit hidden content using an authenticated user's credentials. The attack involves tricking the logged in user into submitting a form, or by simply programmatically triggering a form when the page loads.

The feature doesn't prevent any other type of data forgery or tampering based attacks.

To use it, decorate the action method or controller with the ValidateAntiForgeryToken attribute (http://msdn.microsoft.com/en-us/library/system.web.mvc.validateantiforgerytokenattribute.aspx) and place a call to @Html.AntiForgeryToken() (http://msdn.microsoft.com/en-us/library/system.web.mvc.htmlhelper.antiforgerytoken.aspx) in the forms posting to the method.
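
An MVC 4 controller and its Razor form wired up as the answer describes, as an added example that is not part of the original answer. TransferController, TransferModel, the Send action and the view path are hypothetical names, and the 403 response on a failed check is one possible handling choice.

```csharp
// Added example: hypothetical controller, model and view names.
using System.ComponentModel.DataAnnotations;
using System.Web.Mvc;

public class TransferModel
{
    [Required] public string ToAccount { get; set; }
    [Range(0.01, 10000)] public decimal Amount { get; set; }
}

[Authorize]
public class TransferController : Controller
{
    // Views/Transfer/Send.cshtml (hypothetical path) posts back to this controller:
    //   @model TransferModel
    //   @using (Html.BeginForm("Send", "Transfer", FormMethod.Post))
    //   {
    //       @Html.AntiForgeryToken()  @* cookie + hidden __RequestVerificationToken *@
    //       @Html.TextBoxFor(m => m.ToAccount)
    //       @Html.TextBoxFor(m => m.Amount)
    //       <input type="submit" value="Send" />
    //   }
    [HttpGet]
    public ActionResult Send() { return View(new TransferModel()); }

    // State-changing POST: the attribute runs before the action body and throws
    // HttpAntiForgeryException if the cookie or form token is missing or mismatched.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult Send(TransferModel model)
    {
        if (!ModelState.IsValid) return View(model);
        // Application-specific persistence would go here (not shown on the page).
        TempData["Message"] = "Transfer queued for " + model.ToAccount;
        return RedirectToAction("Send");
    }

    // Turn a failed token check into a 403 instead of the default error page.
    protected override void OnException(ExceptionContext filterContext)
    {
        if (filterContext.Exception is HttpAntiForgeryException)
        {
            filterContext.Result = new HttpStatusCodeResult(403);
            filterContext.ExceptionHandled = true;
            return;
        }
        base.OnException(filterContext);
    }
}
```

The GET action carries no attribute because it only renders the form; the token is validated on the POST that changes state.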
