All geek questions in one place

How to use two AntiForgeryToken on the same page without using the Deprecated Salt property

How to use many @Html.AntiForgeryToken() on one page?

When I put it, it does not work on the remote host, only locally!

I tried using different lines for the fake token @Html.AntiForgeryToken("logoff_forgery") , but when I add [ValidateAntiForgeryToken(Salt = "logoff_forgery")] I get the following error

  'System.Web.Mvc.ValidateAntiForgeryTokenAttribute.Salt' 'The 'Salt' property is deprecated. To specify custom data to be embedded within the token, use the static AntiForgeryConfig.AdditionalDataProvider property.' D:\projects\codesan\app\CodeSan\CodeSan\Controllers\AccountController.cs 289 35 CodeSan

Does anyone know how to use static AntiForgeryConfig.AdditionalDataProvider ? If so, share it with me.

+6
source share
1 answer

As stated in the Salt description, the property is deprecated.

Here is a simple implementation for IAntiForgeryAdditionalDataProvider

 public class MyAntiForgeryAdditionalDataProvider : IAntiForgeryAdditionalDataProvider { public string GetAdditionalData(HttpContextBase context) { return GenerateTokenAndSaveItToTheDB(); } public bool ValidateAdditionalData(HttpContextBase context, string additionalData) { Guid token = Guid.TryParse(additionalData, out token) ? token : Guid.Empty; if (token == Guid.Empty) return false; return GetIfTokenIsFoundInTheDBAndNotExpired(token); } private string GenerateTokenAndSaveItToTheDB() { var newToken = Guid.NewGuid().ToString(); //save it to the db return newToken; } }

And you just register it in the Global.asax.cs file

 protected void Application_Start() { AntiForgeryConfig.AdditionalDataProvider = new MyAntiForgeryAdditionalDataProvider(); }
+2
source

Source: https://habr.com/ru/post/971870/

More articles:


All Articles