我安装了Microsoft.AspNetCore.Antiforgery我的asp.net核心.net框架应用程序,添加到配置服务
public void ConfigureServices(IServiceCollection services)
{
// Add framework services.
services.AddApplicationInsightsTelemetry(Configuration);
services.AddTransient<ISession, JwtSession>(s => JwtSession.Factory());
//services.AddCors();
services.AddAntiforgery(options => options.HeaderName = "X-XSRF-TOKEN");
services.AddMvc();
}
我想在控制器中使用它并执行如下操作:
[Route("[action]"), Route("")]
[HttpGet]
public IActionResult Index()
{
var f = _antiforgery.GetAndStoreTokens(HttpContext);
return View();
}
但不知道如何将密钥放入视图中.
我想你希望Antiforgery能够使用Ajax场景.以下是一个例子:
在Startup.cs中:
// Angular's default header name for sending the XSRF token.
services.AddAntiforgery(options => options.HeaderName = "X-XSRF-TOKEN");
用于生成防伪令牌cookie的过滤器:
public class GenerateAntiforgeryTokenCookieForAjaxAttribute : ActionFilterAttribute
{
public override void OnActionExecuted(ActionExecutedContext context)
{
var antiforgery = context.HttpContext.RequestServices.GetService<IAntiforgery>();
// We can send the request token as a JavaScript-readable cookie, and Angular will use it by default.
var tokens = antiforgery.GetAndStoreTokens(context.HttpContext);
context.HttpContext.Response.Cookies.Append(
"XSRF-TOKEN",
tokens.RequestToken,
new CookieOptions() { HttpOnly = false });
}
}
过滤器的用法:
[HttpGet]
[GenerateAntiforgeryTokenCookieForAjax]
public IActionResult Create()
{
return View();
}
[HttpPost]
[ValidateAntiForgeryToken]
public async Task<IActionResult> Create(Product product)
{
| 归档时间: |
|
| 查看次数: |
813 次 |
| 最近记录: |