如何扩展或覆盖BeginForm包含一个AntiForgeryToken场 [英] How to extend or override BeginForm to include a AntiForgeryToken field

问题描述

我在读这篇文章（<一个href=\"http://weblogs.asp.net/dixin/archive/2010/05/22/anti-forgery-request-recipes-for-asp-net-mvc-and-ajax.aspx\">http://weblogs.asp.net/dixin/archive/2010/05/22/anti-forgery-request-recipes-for-asp-net-mvc-and-ajax.aspx)有关如何prevent CSRF攻击，这似乎是解决方案是创建每个表单内的标签。

I was reading this article (http://weblogs.asp.net/dixin/archive/2010/05/22/anti-forgery-request-recipes-for-asp-net-mvc-and-ajax.aspx) about how to prevent CSRF attacks. It seems like the solution is to create a tag inside each form.

<%: this.Html.AntiForgeryToken(Constants.AntiForgeryTokenSalt)%>

不过，我真的不想给每个窗体内部复制和粘贴code。我想扩展或覆盖BeginForm创建BeginSecureForm自动添加AntiForgeryToken。我不知道如何添加内容的插图中的BeginForm和端部结构的。

However, I really don't want to copy and paste that code inside of each form. I would like to extend or override the BeginForm to create a BeginSecureForm that automatically adds the AntiForgeryToken. I am not sure how to add content inbetween of the BeginForm and EndForm.

任何想法？

推荐答案

您应该使用这个，放置令牌在正确的地方，表单之后：

You should use this instead, to place the token at the right place, after the form :

public static MvcForm BeginAntiForgeryForm(this HtmlHelper htmlHelper)
    {
        var mvcForm = htmlHelper.BeginForm();
        htmlHelper.ViewContext.Writer.Write(htmlHelper.AntiForgeryToken().ToHtmlString());
        return mvcForm;
    }

这篇关于如何扩展或覆盖BeginForm包含一个AntiForgeryToken场的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！