Dab tsi yog anti forgery token hauv MVC?
Dab tsi yog anti forgery token hauv MVC?

Video: Dab tsi yog anti forgery token hauv MVC?

Video: Dab tsi yog anti forgery token hauv MVC?
Video: Niam tais Npab Ntxhais tuag ua Dab 1/23/2020 2024, Hlis ntuj nqeg
Anonim

Txhawm rau pab tiv thaiv CSRF tawm tsam, ASP. NET MVC siv anti - forgery tokens , kuj hu ua thov kev txheeb xyuas cov cim . Tus neeg siv thov ib nplooj ntawv HTML uas muaj ib daim ntawv. Lub server suav nrog ob cov cim nyob rau hauv teb. Ib token xa mus ua ncuav qab zib. Lwm qhov yog muab tso rau hauv daim ntawv zais.

Kuj nug, Antiforgery token siv rau dab tsi?

Feem ntau, cov tiv thaiv kev dag ntxias - token yog ib qho HTML zais cov tswv yim uas tau muab rau koj kom tsis txhob CSRF tawm tsam. Feem ntau, nws ua haujlwm los ntawm kev sib piv cov nqi uas tus neeg rau zaub mov xa mus rau tus neeg siv khoom rau qhov tus neeg siv khoom xa rov qab rau ntawm tus ncej.

Tsis tas li ntawd, dab tsi yog anti forging ncuav qab zib? Anti - kev dag ntxias token yog siv los tiv thaiv CSRF (Cross-Site Request Kev dag ntxias ) tawm tsam. Nov yog nws ua haujlwm li cas hauv qib siab: IIS server koom nrog lub cim no nrog tus neeg siv tam sim no tus kheej ua ntej xa mus rau tus neeg siv khoom.

Thib ob, _ Requestverificationtoken yog dab tsi?

Cookies Search Results: _RequestVerificationToken Qhov no yog cov ncuav qab zib tiv thaiv kev dag ntxias los ntawm cov ntawv thov web tsim siv ASP. NET MVC thev naus laus zis. Nws yog tsim los txwv tsis pub tshaj tawm cov ntsiab lus rau lub vev xaib, hu ua Cross-Site Request Forgery.

Koj sim AntiForgeryToken li cas?

  1. Mus rau daim ntawv.
  2. Siv CSRF Tester txuag daim ntawv thov raws li cov ntaub ntawv HTML hauv zos.
  3. Nkag mus rau koj daim ntawv thov raws li tus neeg siv sib txawv.
  4. Siv CSRF Tester xa daim ntawv thov khaws tseg.
  5. Koj yuav tsum pom qhov yuam kev AntiForgeryToken - vim nws yuav tsis siv tau.

Pom zoo: