开发者

How to extend or override BeginForm to include a AntiForgeryToken field

问答 作者:

I was reading this article (http://weblogs.asp.net/dixin/archive/2010/05/22/anti-forgery-request-recipes-for-asp-net-mvc-and-ajax.aspx) about how to prevent CSRF attacks. It seems like the solution is to create a tag inside each form.

<%: this.Html.AntiForgeryToken(Constants.AntiForgeryTokenSalt)%>

However, I really don't want to copy and开发者_Python百科 paste that code inside of each form. I would like to extend or override the BeginForm to create a BeginSecureForm that automatically adds the AntiForgeryToken. I am not sure how to add content inbetween of the BeginForm and EndForm.

Any ideas?

You should use this instead, to place the token at the right place, after the form :

public static MvcForm BeginAntiForgeryForm(this HtmlHelper htmlHelper)
    {
        var mvcForm = htmlHelper.BeginForm();
        htmlHelper.ViewContext.Writer.Write(htmlHelper.AntiForgeryToken().ToHtmlString());
        return mvcForm;
    }

继续阅读:asp.net-mvc-3csrfdrysecurity

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9