ASP.NET MVC HTML.AntiForgeryToken（）从一个页面的多个AJAX请求 [英] ASP.NET MVC HTML.AntiForgeryToken() with multiple AJAX requests from one page

问题描述

我创建一个页面，使得多个AJAX形式的职位不需要刷新页面。

I'm creating a page that makes multiple AJAX form posts without a page refresh.

我想用ASP.NET MVC HTML.AntiForgeryToken（）帮助，以确保对CSRF攻击的形式。我认为，在页面上每个窗体可以共享同样的道理，但它会允许具有同样的多个请求？如果不是有没有办法得到一个新的令牌或其他方式来确保表格？

I would like to use the ASP.NET MVC HTML.AntiForgeryToken() helper to secure the form against CSRF attacks. I think that each form on the page can share the same token, but will it allow multiple requests with the same token? If not is there a way to get a new token or some other way to secure the forms?

推荐答案

您可以共享同样的记号。当然，作为一般规则，它的强烈建议包装你的阿贾克斯在地连接了CSRF令牌要求一个统一的方法调用（无论是GET或POST虽然POST更安全，多从建筑的角度更正确的），所以当你让Ajax调用你只关注业务的输入值，而不必担心CSRF。

You can share the same token. Of course, as a general rule, it's highly recommended to wrap your Ajax calls in a unified method that concatenates the CSRF token to the request (be it GET or POST although POST is safer and much more correct from architectural perspective), so when you make Ajax calls you focus on the business input values only, and don't need to worry about CSRF.

编辑：阅读本不错的职位和放大器;的 HTTP：//www.$c$cthinked.com/aspnet-mvc-ajax-csrf-protection-with-jquery-15

Read this nice post & sample of auto-wrapping Ajax for CSRF protection using jQuery 1.5 and up: http://www.codethinked.com/aspnet-mvc-ajax-csrf-protection-with-jquery-15

这篇关于ASP.NET MVC HTML.AntiForgeryToken（）从一个页面的多个AJAX请求的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！