How can I set the ValidateAntiForgeryToken globally

Posted 2019-02-04 19:51

Security at first.

MVC best practices recommend adding the [ValidateAntiForgeryToken] attribute to each [HttpPost] action.

How can I enforce this rule in one unique point of the application?

1 answer
Fickle 薄情
#2 · 2019-02-04 20:39

The following class allows you to do this with a FilterProvider:

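using System;
using System.Collections.Generic;
using System.Web.Mvc;

public class AntiForgeryTokenFilterProvider : IFilterProvider
{
    // Called by MVC for every action invocation; returns the extra filters to apply.
    public IEnumerable<Filter> GetFilters(ControllerContext controllerContext, ActionDescriptor actionDescriptor)
    {
        List<Filter> result = new List<Filter>();

        string incomingVerb = controllerContext.HttpContext.Request.HttpMethod;

        // Attach anti-forgery validation to every POST request.
        if (String.Equals(incomingVerb, "POST", StringComparison.OrdinalIgnoreCase))
        {
            result.Add(new Filter(new ValidateAntiForgeryTokenAttribute(), FilterScope.Global, null));
        }

        return result;
    }
}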

To use the above class, add this to the RegisterGlobalFilters method in the Global.asax file:

...
FilterProviders.Providers.Add(new AntiForgeryTokenFilterProvider());
...

Doing this, each [HttpPost] will check if the Html.AntiForgeryToken() is in the view.
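
An added example, not part of the answer above and not the project's own code: a variant of the provider that goes beyond the POST-only case by covering the other state-changing verbs and letting specific actions opt out of validation. The names SkipAntiForgeryAttribute and UnsafeVerbAntiForgeryFilterProvider are hypothetical and introduced here for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Web.Mvc;

// Hypothetical marker attribute (not part of ASP.NET MVC). Put it on an action
// or controller that must accept requests without an anti-forgery token, for
// example a webhook endpoint that authenticates callers by another mechanism.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false)]
public sealed class SkipAntiForgeryAttribute : Attribute
{
}

// Hypothetical provider name. Register it the same way as the answer's class:
//   FilterProviders.Providers.Add(new UnsafeVerbAntiForgeryFilterProvider());
public class UnsafeVerbAntiForgeryFilterProvider : IFilterProvider
{
    // Verbs that change state. GET, HEAD and OPTIONS are left untouched.
    private static readonly HashSet<string> UnsafeVerbs =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "POST", "PUT", "PATCH", "DELETE"
        };

    public IEnumerable<Filter> GetFilters(ControllerContext controllerContext, ActionDescriptor actionDescriptor)
    {
        string verb = controllerContext.HttpContext.Request.HttpMethod;
        if (!UnsafeVerbs.Contains(verb))
        {
            yield break;
        }

        // Validation is the default; exemptions are explicit and easy to audit
        // by searching the code base for the marker attribute.
        bool optedOut =
            actionDescriptor.IsDefined(typeof(SkipAntiForgeryAttribute), true) ||
            actionDescriptor.ControllerDescriptor.IsDefined(typeof(SkipAntiForgeryAttribute), true);
        if (optedOut)
        {
            yield break;
        }

        yield return new Filter(new ValidateAntiForgeryTokenAttribute(), FilterScope.Global, null);
    }
}
```

ValidateAntiForgeryTokenAttribute reads the token from the form field __RequestVerificationToken, so AJAX requests to actions covered by this provider must include that field in the request body.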
