A further drawback of this method is that it is hard to keep the token itself secure. This is a particular problem on sites such as forums that let users post their own content: an attacker can post a link to a site under their control, and because the system appends the token to that link as well, the attacker's site receives the token and can launch a CSRF attack immediately. To avoid this, the system can add a check when attaching the token: append it only to links that point back to the site itself, and leave links to external sites untouched. Even when the csrftoken is not attached to the outbound request as a parameter, however, the attacker's site can still read the token value out of the Referer header, because the page the user came from carries the token in its URL, and then use it for CSRF. This is one reason some users prefer to disable the Referer feature in their browser by hand.
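The two points above, the same-site check when attaching the token and the way a token in the page URL still reaches a third party through the Referer header, as an added example in JavaScript (not code from the original article). SITE_ORIGIN, the parameter name csrftoken, the sample HTML and the sample URLs are this example's own assumptions.

```javascript
// Added example (not part of the original article).
// SITE_ORIGIN, the "csrftoken" parameter name and all sample URLs are assumptions made here.
const SITE_ORIGIN = 'https://bank.example';

// Decide per link: links back to our own site get ?csrftoken=..., external links are left alone.
function tokenizeHref(href, pageUrl, csrfToken) {
  let target;
  try {
    target = new URL(href, pageUrl);   // resolves relative links such as "/transfer"
  } catch {
    return href;                        // not a URL we can reason about: leave it untouched
  }
  if (target.origin !== SITE_ORIGIN) return href;   // link to another site: no token
  target.searchParams.set('csrftoken', csrfToken);
  return target.toString();
}

// Rewrite every href="..." in a page fragment. A regex is enough for this demo; real
// page code would walk the DOM (document.querySelectorAll('a[href], form[action]')).
function tokenizeLinks(html, pageUrl, csrfToken) {
  return html.replace(/href="([^"]*)"/g,
    (_, href) => `href="${tokenizeHref(href, pageUrl, csrfToken)}"`);
}

// The leak described in the text: if the page the user is on was itself reached through a
// tokenized link, its full URL (token included) becomes the Referer of any outbound click,
// and the attacker's server can simply read the token back out of that header.
function tokenFromReferer(refererHeader) {
  try {
    return new URL(refererHeader).searchParams.get('csrftoken');
  } catch {
    return null;   // no or malformed Referer: nothing leaked
  }
}

// Constructed sample: one internal link and one link an attacker posted to the forum.
const SAMPLE_HTML =
  '<a href="/transfer?to=alice">Pay Alice</a> ' +
  '<a href="https://evil.example/win">Free prize</a>';
// Constructed current page URL, reached through a tokenized GET link.
const PAGE_URL = 'https://bank.example/forum/thread/1?csrftoken=t0ken123';

console.log(tokenizeLinks(SAMPLE_HTML, PAGE_URL, 't0ken123'));
console.log('token visible to evil.example via Referer:', tokenFromReferer(PAGE_URL));
```

Two practical notes. First, the same-site check must compare origins after resolving the link, as above; a prefix match on the string "https://bank.example" would also accept "https://bank.example.evil.net". Second, current browsers default to a Referrer-Policy of strict-origin-when-cross-origin, which sends only the origin on cross-origin navigations, so the query-string leak now mostly needs a page that sets a more permissive policy; the robust fix is still to never carry the token in a GET URL.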
(3) Adding a custom attribute to the HTTP header and validating it
This method also relies on a token and validates it; the difference from the previous method is that the token is not placed in the HTTP request as a parameter but in a custom attribute of the HTTP header. Through the XMLHttpRequest class, the csrftoken header attribute can be added to every request of this kind in one go, with the token value carried in it. This removes the inconvenience of the previous method, which had to add the token to each request individually. At the same time, the address of an XMLHttpRequest request is not recorded in the browser's address bar, so there is no need to worry about the token leaking to other sites through the Referer.
This method, however, has serious limitations. XMLHttpRequest requests are normally used in Ajax code to refresh part of a page asynchronously, and not every request is suited to being issued through this class. Moreover, pages fetched this way are not recorded in the browser's history, so the user cannot go forward, go back, refresh or bookmark them, which is inconvenient. Finally, for a legacy system with no CSRF protection, adopting this method means turning every request into an XMLHttpRequest request, which amounts to rewriting almost the entire site, a cost that is clearly unacceptable.
Anti-CSRF frameworks

Rather than writing CSRF protection by hand, you can use a ready-made anti-CSRF framework. The ARMOR Web Framework is one such framework for ASP.NET and provides effective protection against CSRF attacks. Its setup is summarised below; for a full description see Protecting ASP.NET Applications Against CSRF Attacks.
1. Install the ARMOR Web Framework from NuGet:

PM> Install-Package Daishi.Armor.WebFramework
2. Add the following settings to the appSettings section of the application's configuration file:

<add key="IsArmed" value="true" />
<add key="ArmorEncryptionKey" value="{Encryption Key}" />
<add key="ArmorHashKey" value="{Hashing Key}" />
<add key="ArmorTimeout" value="1200000" />
IsArmed: whether ARMOR is switched on. Setting it to false disables the protection entirely, so make sure it is true in production.
ArmorEncryptionKey: the key ARMOR uses to encrypt and decrypt its tokens.
ArmorHashKey: the key ARMOR uses to hash its tokens, so that a tampered token is rejected on validation.
ArmorTimeout: the validity period of an ARMOR token, in milliseconds (1200000 ms is 20 minutes).
The two keys can be generated with the following code:

using System.Security.Cryptography;

// Two independent 256-bit keys from the OS cryptographic random source.
byte[] encryptionKey = new byte[32];
byte[] hashingKey = new byte[32];
using (var provider = new RNGCryptoServiceProvider()) {
    provider.GetBytes(encryptionKey);
    provider.GetBytes(hashingKey);
}
// The config file takes the keys as text, so encode the byte arrays (for example with
// Convert.ToBase64String) before pasting them in; the encoding ARMOR expects is not
// stated here, check the ARMOR documentation. Keep the keys out of source control.
// On .NET 6 and later, RNGCryptoServiceProvider is obsolete; use RandomNumberGenerator.Fill instead.
3. Apply the ARMOR filters and components to the application.

ARMOR consists of an Authorization Filter, a Fortification Filter and the ARMOR UI Components, and supports both ASP.NET MVC and ASP.NET Web API. For how to use them, see Protecting ASP.NET Applications Against CSRF Attacks.