What's the use of the __RequestVerificationToken?


Question

We have a .NET C# MVC application with some forms in it which works fine. Now we also have an ASP Classic vbscript page that needed to interact with these forms, but using a regular post we got an error saying the __RequestVerificationToken wasn't set.

So we request the page and then store the token from the hidden input and the cookie in a variable and send it along with the POST request. And it works.

But seeing it's so simple to bypass it, what's the use of it anyway? It offers hardly any protection.

Recommended answer

This is an anti-forgery token (it prevents CSRF attacks). It guarantees that the poster is the one who gets the form.

It prevents anybody from forging a link and having it activated by a powered user.
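
A simplified model of the check the answer describes, added here as an example; it is not code from the original post and not ASP.NET MVC's real token format. It assumes a cookie token and a hidden-field token bound together by an HMAC, and shows why a client that fetched the form passes while a cross-site POST that carries only the cookie fails. `SERVER_KEY` and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

FIELD = "__RequestVerificationToken"
SERVER_KEY = secrets.token_bytes(32)  # constructed demo key, known only to the server


def _bind(cookie_token):
    """Derive the hidden-field value that belongs to one cookie token."""
    return hmac.new(SERVER_KEY, cookie_token.encode(), hashlib.sha256).hexdigest()


def issue_tokens():
    """Return (cookie_token, form_token) as handed out when the form is rendered."""
    cookie_token = secrets.token_hex(16)
    return cookie_token, _bind(cookie_token)


def validate_post(cookies, form):
    """Accept the POST only if the hidden field matches the token in the cookie."""
    cookie_token = cookies.get(FIELD)
    form_token = form.get(FIELD)
    if not cookie_token or not form_token:
        return False
    return hmac.compare_digest(_bind(cookie_token), form_token)


def legitimate_client():
    """Fetched the form first, so it holds both the cookie and the hidden field."""
    cookie_token, form_token = issue_tokens()
    return validate_post({FIELD: cookie_token}, {FIELD: form_token, "amount": "10"})


def cross_site_post(supplied_field=None):
    """POST triggered from another origin: the browser attaches the user's cookie,
    but the foreign page cannot read the form, so it has no matching field."""
    cookie_token, _unreadable_by_other_origin = issue_tokens()
    form = {"amount": "10"}
    if supplied_field is not None:
        form[FIELD] = supplied_field
    return validate_post({FIELD: cookie_token}, form)


def token_from_other_session():
    """A field value issued for a different cookie does not validate here."""
    _, other_form_token = issue_tokens()
    return cross_site_post(supplied_field=other_form_token)
```
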
