ValidateAntiForgeryToken in Ajax request with AspNet Core MVC

前端 未结 3 1262
囚心锁ツ
囚心锁ツ 2021-02-14 00:18

I have been trying to recreate an Ajax version of the ValidateAntiForgeryToken - there are many blog posts on how to do this for previous versions of MVC, but with the latest MV

3条回答
  •  滥情空心
    2021-02-14 00:35

    Using a anti forgery token in a Ajax call is possible but if you are trying to secure a Api I really would suggest using a Access Token instead.

    If you are relying on a identity token stored in a cookie as authentication for your Api, you will need to write code to compensate for when your cookie authentication times out, and your Ajax post is getting redirected to a login screen. This is especially important for SPAs and Angular apps.

    Using a Access Token implementation instead, will allow you to refresh you access token (using a refresh token), to have long running sessions and also stop cookie thiefs from accessing your Apis.. and it will also stop XSRF :)

    A access token purpose is to secure resources, like Web Apis.

提交回复
热议问题