AntiForgeryToken deprecated in ASP.Net MVC 4 RC

本小妞迷上赌 提交于 2019-12-31 17:50:49

问题


I just installed ASP.Net MVC 4 RC to replace ASP.Net MVC 4 beta. When trying to run an existing application I'm getting an error message that AntiForgeryToken has been deprecated. Here's my code:

using (Html.BeginForm("", "", FormMethod.Post, new { id = "MonthElectionForm" }))
{
    @Html.AntiForgeryToken("AddEditMonthElection")
}

---- UPDATE ---

ASP.Net MVC 4 RC has made the Salt property obsolete for ValidateAntiForgeryToken attribute and AntiForgeryToken html helper. So, now my code looks like this:

controller:

        [HttpPost]
        [ValidateAntiForgeryToken]
        public JsonResult CreateCompany(CompanyDataEntryViewModel modelData)
       {...}

form:

@using (Html.BeginForm("", "", FormMethod.Post, new { id = "CreateCompanyDataEntryForm" }))
{
    @Html.AntiForgeryToken()
...
}

Looking at generated HTML, AntiForgeryToken still generates a hidden field and provides an encrypted value. My action still works too. But I've lost the ability to designate a key to use in the encryption process. I'm not too sure how the process works, but before I can tell I was setting the salt value on the action and on the form. The values had to match in order for the action to accept the post. So, how do you set the salt value now? I think it has something to do with AntiForgeryConfig AdditionalDataProvider but I cannot find anything googling on how to use AntiForgeryConfig AdditionalDataProvider. Please help.

Thanks


回答1:


Setting the salt parameter is unnecessary and didn't provide any additional protection, so we removed support for it.

Please see my response at How to choose a salt value for ValidateAntiForgeryToken for more information.



来源:https://stackoverflow.com/questions/10851283/antiforgerytoken-deprecated-in-asp-net-mvc-4-rc

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!