问题描述
有人可以告诉我更多细节吗?
Can somebody tell me more details about it?
推荐答案
基本上,防伪令牌可阻止任何人向由您的站点提交的请求,这些请求是由实际用户未生成的恶意脚本生成的.有一个仅HTTP的cookie(浏览器中运行的脚本不可读,但是浏览器发送并可以由服务器访问)发送到客户端,它用于生成隐藏字段值,然后针对该隐藏字段值进行验证曲奇饼.至少我认为就是这样.
Basically the anti forgery tokens stop anyone from submitting requests to your site that are generated by a malicious script not generated by the actual user. There is an HTTP only cookie (not readable by a script running in the browser, but sent by the browser and accessible by the server) that gets sent to the client, it is used to generate a hidden field value which is then validated against the cookie. At least I think that's the process.
这里有一个很好的描述,这正是您要问的 https://blogs.msmvps.com/luisabreu/blog/2009/02/09/the-mvc-platform-the-new-anti-forgery-token/
There is a good description of this here which is exactly what you are asking abouthttps://blogs.msmvps.com/luisabreu/blog/2009/02/09/the-mvc-platform-the-new-anti-forgery-token/
这篇关于Html.AntiForgeryToken辅助函数有什么作用?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!