问题描述

我进行了很多搜索，但是找不到实现AutoValidateAntiforgeryToken的方法.
我正在使用TypeScript创建Angular 6 spa，并连接到端点.NET Core 2.1
在添加的ConfigureServices中

I have searched a lot but i don't find how to implement the AutoValidateAntiforgeryToken.
I'm creating an Angular 6 spa with TypeScript, connecting to an endpoint .NET Core 2.1
In ConfigureServices added

services.AddAntiforgery(options => options.HeaderName = "X-XSRF-TOKEN");

在AddMvc()之前添加在配置"中

before AddMvc()added in Configure

app.Use(next => context =>
{
    string path = context.Request.Path.Value;
    if (string.Equals(path, "/", StringComparison.OrdinalIgnoreCase) || string.Equals(path, "/index.html", StringComparison.OrdinalIgnoreCase))
    {
        // We can send the request token as a JavaScript-readable cookie,
        // and Angular will use it by default.
        var tokens = antiforgery.GetAndStoreTokens(context);
        context.Response.Cookies.Append("XSRF-TOKEN", tokens.RequestToken, new CookieOptions() { HttpOnly = false });
    }
    return next(context);
});

Angular文档尚不清楚，如果我理解得很清楚，我应该阅读一个名为X-XSRF-TOKEN的cookie并在HTTP调用中作为标头发送回来:但是我尝试以angular的方式读取此cookie(使用ngx-cookie-服务，其代码为this.cookieSvc.get("X-XSRF-TOKEN"))，此cookie为空.
如果有人可以帮助，谢谢.

The Angular documentation is not clear, if i understood well i should read a cookie named X-XSRF-TOKEN and transmit back in the http call as header: but i try to read this cookie in angular (using ngx-cookie-service, with a code as this.cookieSvc.get("X-XSRF-TOKEN")) this cookie is empty.
If someone could help, thanks.

推荐答案

对于您的问题，请检查以下几点以更好地了解您的问题.

For your issue, check points below to understand your issue better.

1. 对于 CookieXSRFStrategy ，它将 XSRF-TOKEN 配置为< cookie name 和 X-XSRF-TOKEN 作为 XSRF 的 header Name .

2. 要与 Angular 相对应， Asp.Net Core 会像使用此约定一样使用此约定.

1. For CookieXSRFStrategy, it configure XSRF-TOKEN as cookie name and X-XSRF-TOKEN as header Name for XSRF.

2. To correspond to Angular, Asp.Net Core work with this convention just like you done.

• 配置您的应用程序以在名为XSRF-TOKEN的cookie中提供令牌

• Configure your app to provide a token in a cookie called XSRF-TOKEN

配置防伪服务以查找名为X-XSRF-TOKEN的标头.

Configure the antiforgery service to look for a header named X-XSRF-TOKEN.

因此，如果您想从Angular网站获取 AntiforgeryToken ，请尝试通过 XSRF-TOKEN 查询cookie.

So, if you want to get AntiforgeryToken from Angular site, try query cookies by XSRF-TOKEN.

这篇关于Angular 6和AutoValidateAntiforgeryToken的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！