Dab tsi yog ValidateAntiForgeryToken tus cwj pwm hauv MVC?
Dab tsi yog ValidateAntiForgeryToken tus cwj pwm hauv MVC?

Video: Dab tsi yog ValidateAntiForgeryToken tus cwj pwm hauv MVC?

Video: Dab tsi yog ValidateAntiForgeryToken tus cwj pwm hauv MVC?
Video: Saib Mis paub Poj niam (hluas nkauj) tus yam ntxwv lub siab 2024, Kaum ib hlis
Anonim

Thaum koj ua qhov no, ASP. NET MVC emits lub ncuav qab zib thiab ib daim ntawv teb nrog ib tug anti-forgery token (ib tug encrypted token). Ib zaug [ ValidateAntiForgeryToken ] tus cwj pwm tau teeb tsa tus maub los yuav xyuas tias qhov kev thov tuaj muaj qhov kev thov pov thawj cov kua nplaum uas thiab daim ntawv thov zais daim ntawv pov thawj.

Tsis tas li, Validateantifforerytoken hauv MVC yog dab tsi?

Txhawm rau pab tiv thaiv CSRF tawm tsam, ASP. NET MVC siv anti-forgery tokens, kuj hu ua thov pov thawj tokens. Tus neeg siv thov ib nplooj ntawv HTML uas muaj ib daim ntawv. Lub server suav nrog ob lub tokens hauv cov lus teb. Ib tug token raug xa mus ua ib lub ncuav qab zib. Lwm qhov yog muab tso rau hauv daim ntawv zais.

Ib sab saum toj no, _ Requestverificationtoken yog dab tsi? Cookies Search Results: _RequestVerificationToken Qhov no yog cov ncuav qab zib tiv thaiv kev dag ntxias los ntawm cov ntawv thov web tsim siv ASP. NET MVC thev naus laus zis. Nws yog tsim los txwv tsis pub tshaj tawm cov ntsiab lus rau lub vev xaib, hu ua Cross-Site Request Forgery.

Hais txog qhov no, vim li cas peb thiaj siv HTML AntiForgeryToken () hauv MVC?

Qhov no yog txhawm rau tiv thaiv Cross-site thov cuav hauv koj MVC daim ntawv thov. Qhov no yog ib feem ntawm OWASP Top 10 thiab nws yog ib qho tseem ceeb ntawm kev ruaj ntseg web. Kev siv cov @ Html . AntiforgeryToken() txoj kev yuav tsim ib lub token rau txhua qhov kev thov yog li ntawd tsis muaj leej twg tuaj yeem tsim ib daim ntawv xa tawm.

Dab tsi yog attribute routing hauv MVC?

Txoj kev yog li cas ASP. NET MVC phim URI rau ib qho kev nqis tes ua. Raws li lub npe implies, attribute routing siv yam ntxwv txhais txoj kev . Attribute routing muab koj tswj ntau dua URIs hauv koj daim ntawv thov web. Ua ntej style ntawm txoj kev , hu ua convention-based txoj kev , tseem txhawb nqa.

Pom zoo: