myesn

myEsn2E9

hi
github
HomeArchives作品集开发助手水龙头

ASP.NET Core: AntiForgeryToken 生成方式

#ASP.NET Core21
AI-generated summary
ASP.NET Core Razor Pages applications automatically enable AntiforgeryToken validation for HTTP verbs like POST, PUT, PATCH, and DELETE. This validation compares antiforgery cookie and token values before executing actions. Two ways to generate tokens are through form forms and manually adding code to the page. More information can be found in the provided references.

简介#

ASP.NET Core Razor Pages 应用默认开启了 AntiforgeryToken 验证,也就是 POST、PUT、PATCH、DELETE 等 HTTP 谓词都会在 Action 被执行前验证 AntiforgeryToken,也就是会比对 antiforgery cookie 和 antiforgery token 值,缺一不可,如果缺失 cookie 或者 token 的值(请求头或者表单内容中)都会直接响应 400 的错误。

生成方式#

Token 的生成方式有两种。

form 表单#

第一种,通过编写 form 表单,会自动生成 Token 所需的数据:

<form method="post">
    ...
</form>

生成原理参考:https://learn.microsoft.com/en-us/aspnet/core/security/anti-request-forgery#antiforgery-in-aspnet-core

手动代码#

第二种是在页面上添加显示代码:

@Html.AntiForgeryToken()

方法解释:https://learn.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.mvc.viewfeatures.htmlhelper.antiforgerytoken

参考#

Loading...
Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.