Security with QueryString values in Asp.net MVC

迷失自我 2020-12-10 08:30

How do you properly ensure that a user isn't tampering with querystring values or action url values? For example, you might have a Delete Comment action on your CommentContro

7 Answers
  •  天涯浪人
    2020-12-10 08:51

    You can also allow only Post requests to Delete controller action by using the Accept Verbs attribute as seen below.

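    [AcceptVerbs(HttpVerbs.Post)]
    public ActionResult Delete(int? id)
    {
        // Delete the item identified by id here

        // Redirect after the POST ("Index" is a placeholder action name)
        return RedirectToAction("Index");
    }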
    

    Then you could also use the antiforgery token as discussed here:

    http://blog.codeville.net/2008/09/01/prevent-cross-site-request-forgery-csrf-using-aspnet-mvcs-antiforgerytoken-helper/
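
An added example, not part of the answer above or of any project's code: the same Delete action with the antiforgery token validated, extended beyond the answer with a server-side ownership check so that a tampered id cannot delete another user's comment. It assumes ASP.NET MVC 3 or later; `Comment`, `ICommentRepository`, `CommentsController` and the `Index` redirect target are hypothetical names.

```csharp
using System;
using System.Web.Mvc;

// Hypothetical model and repository, assumed for this example only.
public class Comment
{
    public int Id { get; set; }
    public string AuthorName { get; set; }
}

public interface ICommentRepository
{
    Comment Find(int id);
    void Delete(Comment comment);
}

[Authorize] // anonymous requests never reach the actions
public class CommentsController : Controller
{
    private readonly ICommentRepository _comments;

    // Assumes a dependency resolver is configured to supply the repository.
    public CommentsController(ICommentRepository comments)
    {
        _comments = comments;
    }

    // The posting form must render @Html.AntiForgeryToken() inside <form>,
    // otherwise [ValidateAntiForgeryToken] rejects the request.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult Delete(int? id)
    {
        if (id == null)
            return new HttpStatusCodeResult(400);

        Comment comment = _comments.Find(id.Value);
        if (comment == null)
            return HttpNotFound();

        // The id is client-controlled: authorize against the stored owner,
        // never against anything else sent with the request.
        if (!string.Equals(comment.AuthorName, User.Identity.Name,
                           StringComparison.OrdinalIgnoreCase))
            return new HttpStatusCodeResult(403);

        _comments.Delete(comment);
        return RedirectToAction("Index"); // placeholder action name
    }
}
```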
