asp.net核心1.1 antiforgery角2/4

Question

我試圖在asp.net核心1.1上使用angurl 2/4 cli實現防僞令牌，但每次使用「ValidateAntiForgeryToken」系統時都會給我400個錯誤的請求錯誤。

在asp.net startup.cs我有使用

services.AddAntiforgery(options => options.HeaderName = "X-XSRF-TOKEN"); 



app.Use(async (context, next) =>{ 
await next(); 
string path = context.Request.Path.Value; 
if (path != null && !path.ToLower().Contains("/api")) 
{ 
     var tokens = antiforgery.GetAndStoreTokens(context); 
     context.Response.Cookies.Append("XSRF-TOKEN", 
     tokens.RequestToken, new CookieOptions{HttpOnly = false}); 
} 

if (context.Response.StatusCode == 404 && 
    !Path.HasExtension(context.Request.Path.Value)) 
{ 
    context.Request.Path = "/index.html"; 
    context.Response.StatusCode = 200; 
    await next(); 
} 

}）;

在角app.module.ts

我使用類似

provider:[{ provide: XSRFStrategy, useFactory: xsrfFactory}], 

export function xsrfFactory() { 
    return new CookieXSRFStrategy('*******', '********'); 
} 

Answer 1

本指南有幫助嗎？ http://www.dotnetcurry.com/aspnet/1343/aspnet-core-csrf-antiforgery-token

public class AngularAntiforgeryCookieResultFilter: ResultFilterAttribute 
{ 
    private IAntiforgery antiforgery; 
    public AngularAntiforgeryCookieResultFilter(IAntiforgery antiforgery) 
    { 
     this.antiforgery = antiforgery; 
    } 

    public override void OnResultExecuting(ResultExecutingContext context) 
    { 
     if (context.Result is ViewResult) 
     { 
      var tokens = antiforgery.GetAndStoreTokens(context.HttpContext); 
      context.HttpContext.Response.Cookies.Append("XSRF-TOKEN", tokens.RequestToken, new CookieOptions() { HttpOnly = false }); 
     } 
    } 
} 

services.AddAntiforgery(opts => opts.HeaderName = "X-XSRF-Token"); 
services.AddMvc(opts => 
{ 
    opts.Filters.AddService(typeof(AngularAntiforgeryCookieResultFilter)); 
}); 
services.AddTransient<AngularAntiforgeryCookieResultFilter>();