问题描述

有人可以告诉我更多细节吗?

Can somebody tell me more details about it?

推荐答案

基本上，防伪令牌可阻止任何人向由您的站点提交的请求，这些请求是由实际用户未生成的恶意脚本生成的.有一个仅HTTP的cookie(浏览器中运行的脚本不可读，但是浏览器发送并可以由服务器访问)发送到客户端，它用于生成隐藏字段值，然后针对该隐藏字段值进行验证曲奇饼.至少我认为就是这样.

Basically the anti forgery tokens stop anyone from submitting requests to your site that are generated by a malicious script not generated by the actual user. There is an HTTP only cookie (not readable by a script running in the browser, but sent by the browser and accessible by the server) that gets sent to the client, it is used to generate a hidden field value which is then validated against the cookie. At least I think that's the process.

这里有一个很好的描述，这正是您要问的 https://blogs.msmvps.com/luisabreu/blog/2009/02/09/the-mvc-platform-the-new-anti-forgery-token/

There is a good description of this here which is exactly what you are asking abouthttps://blogs.msmvps.com/luisabreu/blog/2009/02/09/the-mvc-platform-the-new-anti-forgery-token/

这篇关于Html.AntiForgeryToken辅助函数有什么作用?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！