如何扩展或覆盖BeginForm包含一个AntiForgeryToken场 [英] How to extend or override BeginForm to include a AntiForgeryToken field
问题描述
我在读这篇文章(<一个href=\"http://weblogs.asp.net/dixin/archive/2010/05/22/anti-forgery-request-recipes-for-asp-net-mvc-and-ajax.aspx\">http://weblogs.asp.net/dixin/archive/2010/05/22/anti-forgery-request-recipes-for-asp-net-mvc-and-ajax.aspx)有关如何prevent CSRF攻击,这似乎是解决方案是创建每个表单内的标签。
I was reading this article (http://weblogs.asp.net/dixin/archive/2010/05/22/anti-forgery-request-recipes-for-asp-net-mvc-and-ajax.aspx) about how to prevent CSRF attacks. It seems like the solution is to create a tag inside each form.
<%: this.Html.AntiForgeryToken(Constants.AntiForgeryTokenSalt)%>
不过,我真的不想给每个窗体内部复制和粘贴code。我想扩展或覆盖BeginForm创建BeginSecureForm自动添加AntiForgeryToken。我不知道如何添加内容的插图中的BeginForm和端部结构的。
However, I really don't want to copy and paste that code inside of each form. I would like to extend or override the BeginForm to create a BeginSecureForm that automatically adds the AntiForgeryToken. I am not sure how to add content inbetween of the BeginForm and EndForm.
任何想法?
推荐答案
您应该使用这个,放置令牌在正确的地方,表单之后:
You should use this instead, to place the token at the right place, after the form :
public static MvcForm BeginAntiForgeryForm(this HtmlHelper htmlHelper)
{
var mvcForm = htmlHelper.BeginForm();
htmlHelper.ViewContext.Writer.Write(htmlHelper.AntiForgeryToken().ToHtmlString());
return mvcForm;
}
这篇关于如何扩展或覆盖BeginForm包含一个AntiForgeryToken场的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!