AntiForgeryToken德$ P $在ASP.Net MVC 4 RC pcated [英] AntiForgeryToken deprecated in ASP.Net MVC 4 RC

问题描述

我刚安装ASP.Net MVC 4 RC更换ASP.Net MVC 4测试版。当试图运行现有的应用程序我收到一条错误消息， AntiForgeryToken 已去precated。这里是我的code：

I just installed ASP.Net MVC 4 RC to replace ASP.Net MVC 4 beta. When trying to run an existing application I'm getting an error message that AntiForgeryToken has been deprecated. Here's my code:

using (Html.BeginForm("", "", FormMethod.Post, new { id = "MonthElectionForm" }))
{
    @Html.AntiForgeryToken("AddEditMonthElection")
}

----更新---

ASP.Net MVC 4 RC已经使盐财产过时，ValidateAntiForgeryToken属性和AntiForgeryToken HTML帮手。所以，现在我的code是这样的：

ASP.Net MVC 4 RC has made the Salt property obsolete for ValidateAntiForgeryToken attribute and AntiForgeryToken html helper. So, now my code looks like this:

控制器：

        [HttpPost]
        [ValidateAntiForgeryToken]
        public JsonResult CreateCompany(CompanyDataEntryViewModel modelData)
       {...}

形式：

@using (Html.BeginForm("", "", FormMethod.Post, new { id = "CreateCompanyDataEntryForm" }))
{
    @Html.AntiForgeryToken()
...
}

综观生成的HTML，AntiForgeryToken仍然生成一个隐藏的领域，提供的加密值。我的行动仍然可以工作。但是我失去了指定一个关键在加密过程中使用的能力。我也不太清楚这个过程是如何工作的，但在此之前我可以告诉我设置的动作和形式的盐值。该值必须以匹配的行动来接受这个职位。那么，你怎么现在设定的盐价值？我认为这是与AntiForgeryConfig AdditionalDataProvider但我无法找到任何关于谷歌搜索如何使用AntiForgeryConfig AdditionalDataProvider。请帮助。

Looking at generated HTML, AntiForgeryToken still generates a hidden field and provides an encrypted value. My action still works too. But I've lost the ability to designate a key to use in the encryption process. I'm not too sure how the process works, but before I can tell I was setting the salt value on the action and on the form. The values had to match in order for the action to accept the post. So, how do you set the salt value now? I think it has something to do with AntiForgeryConfig AdditionalDataProvider but I cannot find anything googling on how to use AntiForgeryConfig AdditionalDataProvider. Please help.

感谢

推荐答案

设置的盐的参数是不必要的，没有提供任何额外的保护，所以我们取消了对它的支持。

Setting the salt parameter is unnecessary and didn't provide any additional protection, so we removed support for it.

请看看我在回应<一个href=\"http://stackoverflow.com/questions/9444214/how-to-choose-a-salt-value-for-validateantiforgerytoken\">How选择适合ValidateAntiForgeryToken 盐值获取更多信息。

Please see my response at How to choose a salt value for ValidateAntiForgeryToken for more information.

这篇关于AntiForgeryToken德$ P $在ASP.Net MVC 4 RC pcated的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！