ASP.Net MVC的AntiForgeryToken方法是否与负载平衡器一起工作？ [英] Will ASP.Net MVC's AntiForgeryToken Method work with Load Balancers?

问题描述

使用ASP.Net MVC v2.0，我开始研究在提交处理数据的表单时使用 Html.AntiForgeryToken（）方法。我可以看到它设置一个隐藏的值在HTML形式，它在会话cookie中设置相同的值。

问题是负载平衡配置中的不同网络服务器会在HTML表单中创建相同的令牌吗？那么cookie和隐藏的表单值将不匹配，我们会有一个问题。

感谢Paul，

如果农场上的所有机器共享相同的< machineKey> ，一切都将正常工作。有大量资源如何设置。还有 MSDN上的教程。 p>

注意，名称< machineKey> 有点误导，因为这实际上是在〜/ Web.config 。因此，在应用程序的Web.config中显式地设置< machineKey> ，然后在您的服务器场中部署。

Using ASP.Net MVC v2.0, I am starting to research the use of the Html.AntiForgeryToken() method when submitting forms that process data. I can see it sets a hidden value in the form HTML and it sets the same value in a session cookie.

The question is will different web servers in a load balanced configuration create the same token in the HTML forms? It seems if they don't then the cookie and hidden form value wouldn't match and we would have a problem. Before I get into actually testing this in a LB configuration, wanted to check if anyone already has experience with this?

Thanks, Paul

解决方案

If all machines across the farm share the same <machineKey>, everything will work. There are lots of resources on how to set this. There's also a tutorial on MSDN.

Note that the name <machineKey> is a bit misleading, since this is actually set per-application in ~/Web.config. So set the <machineKey> explicitly in your app's Web.config, then deploy across your farm.

这篇关于ASP.Net MVC的AntiForgeryToken方法是否与负载平衡器一起工作？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！