What methods are available to stop multiple postbacks of a form in ASP.NET MVC?


Question

A common web problem is where a user clicks the submit button of a form multiple times so the server processes the form more than once. This can also happen when a user hits the back button having submitted a form and so it gets processed again.

What is the best way of stopping this from happening in ASP.NET MVC?

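Possibilities as I see it are:

  1. Disable the button after submit - this gets round the multiple clicks but not the navigation

  2. Have the receiving action redirect immediately - browsers seem to leave these redirects out of their history

  3. Place a unique token in the session and on the form - if they match, process the form - if not, clear the form for a fresh submit

Are there more?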

Are there some specific implementations of any of these?

I can see the third option being implemented as an ActionFilter with a HtmlHelper extension in a similar manner to the anti-forgery stuff.

Looking forward to hearing from you MVC'ers out there.

Recommended answer

Often people overlook the most conventional way to handle this which is to use nonce keys.

You can use PRG as others have mentioned but the downside with PRG is that it doesn't solve the double-click problem, it requires an extra trip to the server for the redirect, and since the last step is a GET request you don't have direct access to the data that was just posted (though it could be passed as a query param or maintained on the server side).

I like the JavaScript solution because it works most of the time.

Nonce keys, however, work all the time. The nonce key is a random unique GUID generated by the server (also saved in the database) and embedded in the form. When the user POSTs the form, the nonce key also gets posted. As soon as a POST comes in to the server, the server verifies the nonce key exists in its database. If it does, the server deletes the key from the database and processes the form. Consequently, if the user POSTs twice, the second POST won't be processed because the nonce key was deleted after processing the first POST.

The nonce key has an added advantage in that it brings additional security by preventing replay attacks (a man in the middle sniffs your HTTP request and then replays it to the server, which treats it as legitimate).
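
One way to implement the nonce scheme the answer describes, in the ActionFilter-plus-HtmlHelper shape the question suggests (an added example, not code from the original thread). The in-memory store, the `__FormNonce` field name, the 20-minute lifetime and the 409 response are assumptions; the point it shows is that "verify, then delete" has to be a single atomic operation, otherwise two near-simultaneous POSTs can both pass the check.

```csharp
using System;
using System.Collections.Concurrent;
using System.Web.Mvc;

// Hypothetical in-memory store; the answer keeps nonces in a database, where the
// equivalent is one DELETE ... WHERE key = @k followed by a rows-affected check.
public static class FormNonce
{
    public const string FieldName = "__FormNonce";                        // assumed name
    private static readonly TimeSpan Lifetime = TimeSpan.FromMinutes(20); // assumed
    private static readonly ConcurrentDictionary<Guid, DateTime> Issued =
        new ConcurrentDictionary<Guid, DateTime>();

    public static Guid Issue()
    {
        var nonce = Guid.NewGuid();
        Issued[nonce] = DateTime.UtcNow.Add(Lifetime);
        return nonce;
    }

    // Check and delete in one atomic step: of two concurrent POSTs carrying
    // the same nonce, only one TryRemove call can succeed.
    public static bool TryConsume(string posted)
    {
        Guid nonce;
        DateTime expires;
        return Guid.TryParse(posted, out nonce)
            && Issued.TryRemove(nonce, out expires)
            && expires > DateTime.UtcNow;
    }

    // Use inside the form in the view: @Html.FormNonceField()
    public static MvcHtmlString FormNonceField(this HtmlHelper html)
    {
        return MvcHtmlString.Create(string.Format(
            "<input type=\"hidden\" name=\"{0}\" value=\"{1:D}\" />", FieldName, Issue()));
    }
}

// Apply to the [HttpPost] action: [ConsumeFormNonce]
public class ConsumeFormNonceAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        var posted = filterContext.HttpContext.Request.Form[FormNonce.FieldName];
        if (!FormNonce.TryConsume(posted))
            filterContext.Result = new HttpStatusCodeResult(409, "Form already submitted");
    }
}
```

Nonces that are issued but never posted stay in this store until something purges them, and a database-backed store needs the same cleanup.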
