ValidateAntiForgeryToken盐值运行时加载 [英] runtime loading of ValidateAntiForgeryToken Salt value
问题描述
使用在 [ValidateAntiForgeryToken]
指令中的盐
参数考虑一个ASP.NET MVC应用程序。
Consider an ASP.NET MVC application using the Salt
parameter in the [ValidateAntiForgeryToken]
directive.
该方案是这样的应用程序将得到众多客户使用。这是不是非常希望有盐
在编译时已知。
The scenario is such that the app will be used by many customers. It's not terribly desirable to have the Salt
known at compile time.
目前的策略是定位在web.config中的盐值。
The current strategy is to locate the Salt value in the web.config.
[ValidateAntiForgeryToken(Salt = Config.AppSalt)]
//Config.AppSalt is a static property that reads the web.config.
这导致编译时异常提示盐
必须在编译时常量。
This leads to a compile-time exception suggesting that the Salt
must be a const at compile time.
这是属性参数必须是一个常量前pression,属性参数类型的typeof前pression或数组创建前pression
An attribute argument must be a constant expression, typeof expression or array creation expression of an attribute parameter type
我如何修改应用程序,以允许盐运行时加载
,使应用程序不必重新咸鱼和重新编译为每个客户?
How can I modify the application to allow for a runtime loading of the Salt
so that the app doesn't have to be re-salted and recompiled for each customer?
认为盐
不会频繁地改变,如果有的话,从而去除无效形式的可能性
Consider that the Salt
won't change frequently, if at all, thereby removing the possibility of invalidating form
推荐答案
我不得不为不同的客户不同的盐的要求。在这种情况下,我用涤新的解决方案在运行时注入的盐。
I had the requirement to have different salts for different customers. In this case, I used Dixin's solution for injecting the salt at runtime.
<一个href=\"http://weblogs.asp.net/dixin/archive/2010/05/22/anti-forgery-request-recipes-for-asp-net-mvc-and-ajax.aspx\">Anti伪造请求食谱ASP.NET MVC和AJAX 的在标题为在运行时指定非恒盐
装饰你的控制器,提供一个新的属性:
Decorate your Controllers with a new attribute:
[ValidateAntiForgeryTokenWrapper(HttpVerbs.Post)]
public class ProductController : Controller
{
// Only HTTP POST requests are validated.
}
此新的属性被定义为:
public class ValidateAntiForgeryTokenWrapperAttribute : FilterAttribute, IAuthorizationFilter
{
public ValidateAntiForgeryTokenWrapperAttribute(HttpVerbs verbs)
{
this._verbs = new AcceptVerbsAttribute(verbs);
this._validator = new ValidateAntiForgeryTokenAttribute()
{
//load from web.config or anywhere else
Salt = Configurations.AntiForgeryTokenSalt
};
}
// Other members.
}
这篇关于ValidateAntiForgeryToken盐值运行时加载的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!