开发者

How to prevent replay attacks or multiple postbacks using Nonce Key in ASP.NET MVC 2.0

How to prevent replay attacks or multiple postbacks using Nonce Key in MVC 2.0

I am looking for a low level implementaion solution for this. It does not have to be a complete one, but any examples of having used Nonce keys for this purpose in an action filter would be welcomed.

The idea is to stop multiple form submissions by user via multiple button press or enter key 开发者_如何学Gohits. I allready have a JavaScript solution for this but I am looking for a generic server side option now.

My Question is based on the solution offered here: What methods are available to stop multiple postbacks of a form in ASP.NET MVC?


You could store a unique key (Guid perhaps) that is stored in the users session and refreshes every time every page is loaded.

The guid should be included in every form (perhaps a hidden form field) and compared against each time.

This does have the downside if the user has more than one window open.


A possible implementation (however it's meant for AntiCSRF - but could pose useful) is HtmlHelper.AntiForgeryToken Method and ValidateAntiForgeryTokenAttribute

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜