
configure antiforgerytoken single use mvc asp.net

I want to modify the AntiForgeryToken for each request.

I read these posts:

The initial post clearly rules it out, but the latter seems to mention that it is "quite simple". However I did not quite get how to achieve single use for the token.

Under my current implementation I have tokens delivered as Secure http-only cookies. But it stays constant for the entire session. I don't care if my implementation breaks the back button. Any suggestions?

Since we don't have your example, I'm not sure how you are using this, but a simple form like this does display a new token on every request in the form:

@using (Html.BeginForm()) {
    @Html.AntiForgeryToken()
    @Html.ValidationSummary(true)
    <fieldset>
        <legend>Person</legend>

        <div class="editor-label">
            @Html.LabelFor(model => model.Name)
        </div>
        <div class="editor-field">
            @Html.EditorFor(model => model.Name)
            @Html.ValidationMessageFor(model => model.Name)
        </div>

        <div class="editor-label">
            @Html.LabelFor(model => model.Address)
        </div>
        <div class="editor-field">
            @Html.EditorFor(model => model.Address)
            @Html.ValidationMessageFor(model => model.Address)
        </div>

        <p>
            <input type="submit" value="Save" />
        </p>
    </fieldset>
}

The form above shows me different values in each request, like:

<input name="__RequestVerificationToken" type="hidden" value="53WW641jzT5QWcIrrLltqF0OGt79US1eBwue1MQU6lW200CxUiD6fcC949RZee4gcNrFNnaP5QYFi6lJd_QmuUqSfex7wWHwWjUC30_kVrI1" />

<input name="__RequestVerificationToken" type="hidden" value="QXHlA8N9g_95YbPeEpjPHhjQFV9IMNJf7eEdnPnADH9BPgQg_DQQKQqf9diPAxMQWJoBcT6FeXCIECe-Qd6Q6wA5BimVlU9K0C67nokzuXQ1" />

There is more information on SO here, which also references other detailed information outside here.
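
The built-in validation does not record which form tokens have already been submitted, so a hidden-field value issued earlier keeps validating for as long as the cookie token stays the same. The filter below is an added example, not code from this thread or from ASP.NET itself: it runs the standard check and then refuses a form token the session has already consumed. It assumes ASP.NET MVC 5 on System.Web with session state enabled; the attribute name `SingleUseAntiForgeryTokenAttribute` and the session key are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
using System.Web.Helpers;
using System.Web.Mvc;

// Added example (hypothetical attribute, not from the thread): rejects a form
// token that this session has already submitted once.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public sealed class SingleUseAntiForgeryTokenAttribute : FilterAttribute, IAuthorizationFilter
{
    private const string FieldName = "__RequestVerificationToken"; // field shown in the thread
    private const string SessionKey = "ConsumedAntiForgeryTokens"; // assumed session key
    private static readonly object Gate = new object();

    public void OnAuthorization(AuthorizationContext filterContext)
    {
        if (filterContext == null) throw new ArgumentNullException("filterContext");

        // Built-in check first: throws HttpAntiForgeryException when the cookie
        // token or the form token is missing, or when the two do not match.
        AntiForgery.Validate();

        var session = filterContext.HttpContext.Session;
        if (session == null)
            throw new InvalidOperationException("Single-use tokens require session state.");

        string digest = Fingerprint(filterContext.HttpContext.Request.Form[FieldName]);
        lock (Gate)
        {
            var consumed = session[SessionKey] as HashSet<string> ?? new HashSet<string>();
            // Add returns false when the digest is already present: a replayed token.
            if (!consumed.Add(digest))
                throw new HttpAntiForgeryException("Anti-forgery token was already used.");
            session[SessionKey] = consumed; // reassign so out-of-process stores persist it
        }
    }

    // Keep a SHA-256 digest in the session rather than the token itself.
    private static string Fingerprint(string token)
    {
        using (var sha = SHA256.Create())
            return Convert.ToBase64String(sha.ComputeHash(Encoding.UTF8.GetBytes(token)));
    }
}
```

Apply it as `[HttpPost, SingleUseAntiForgeryToken]` in place of `[ValidateAntiForgeryToken]`. The consumed set grows by one entry per accepted post and lives only as long as the session.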
