AntiForgery implementation in Asp.net Forms

2019-07-03 15:58发布

I am developing an httphandler to process some requests in Web Forms (NOT in MVC).
How could I implement Anti Cross Site Scripting (like antiforgery in MVC)?
I want to know mre about the antiforgery mechanism in MVC.

标签： asp.net forms httphandler antiforgerytoken

1条回答

你好瞎i

2楼-- · 2019-07-03 16:39

If you can access the Page, you can use the ViewStateUserKey property of the Page. Here is an example of how to do this from within the page, but you will get the idea:

protected void Page_Init(object sender, EventArgs e)
{
    // Validate whether ViewState contains the MAC fingerprint
    // Without a fingerprint, it's impossible to prevent CSRF.
    if (!this.Page.EnableViewStateMac)
    {
        throw new InvalidOperationException(
            "The page does NOT have the MAC enabled and the view" +
            "state is therefore vulnerable to tampering.");
    }

    this.ViewStateUserKey = this.Session.SessionID;
}

While the ViewStateUserKey is pretty safe, there are some short comes with this. You can read more about that here.

0人赞添加讨论(0) 举报

AntiForgery implementation in Asp.net Forms

采纳回答

编辑标签

举报内容

检举类型

检举原因

检举说明(必填)

打开微信“扫一扫”，打开网页后点击屏幕右上角分享按钮

付费偷看金额在0.1-10元之间