ASP.Net MVC的AntiForgeryToken方法将负载平衡器工作？ [英] Will ASP.Net MVC's AntiForgeryToken Method work with Load Balancers?

问题描述

使用ASP.Net MVC 2.0，我开始提交的数据处理方式时，研究使用 Html.AntiForgeryToken（）的方法。我可以看到它的形式HTML设置一个隐藏的价值，并将它设置在一个会话cookie的值相同。

Using ASP.Net MVC v2.0, I am starting to research the use of the Html.AntiForgeryToken() method when submitting forms that process data. I can see it sets a hidden value in the form HTML and it sets the same value in a session cookie.

问题是，将在负载平衡配置不同的Web服务器创建的HTML表单的同样的道理吗看来，如果他们不那么该cookie和隐藏的表单价值将不匹配，我们将有一个问题。在我进入了LB配置实际测试这一点，要检查是否有人已经有这方面的经验？

The question is will different web servers in a load balanced configuration create the same token in the HTML forms? It seems if they don't then the cookie and hidden form value wouldn't match and we would have a problem. Before I get into actually testing this in a LB configuration, wanted to check if anyone already has experience with this?

谢谢，保罗

推荐答案

如果整个农场份额的所有机器一样＆LT;的machineKey＆GT; ，一切都将正常工作。有大量资源关于如何设置此。还有 MSDN上的教程。

If all machines across the farm share the same <machineKey>, everything will work. There are lots of resources on how to set this. There's also a tutorial on MSDN.

请注意，该名称＆LT;的machineKey＆GT; 是有点误导，因为这是每个应用程序的〜/ Web.config中<实际设置/ code>。所以设置＆LT;的machineKey方式＆gt; 明确在你的应用程序的Web.config，然后在你的农场部署

Note that the name <machineKey> is a bit misleading, since this is actually set per-application in ~/Web.config. So set the <machineKey> explicitly in your app's Web.config, then deploy across your farm.

这篇关于ASP.Net MVC的AntiForgeryToken方法将负载平衡器工作？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！