【发布时间】:2011-12-12 18:52:38
【问题描述】:
我正在使用 ASP.NET 4 WCF 服务进行一些数据事务。为了防止 CSRF(跨站点请求伪造),我想在输出中添加一些数据。关于如何做到这一点的任何建议?
[ServiceContract]
[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)]
[ServiceBehavior(InstanceContextMode = InstanceContextMode.PerCall)]
public class TestService : ServiceBase
{
[WebGet(
ResponseFormat = WebMessageFormat.Json,
UriTemplate = "/test.json")
]
public MyResponse Test ()
{
MyResponse resp;
try
{
Response.Write("for(;;){}"); // <-- Fix needed
resp = new MyResponse();
}
catch (Exception ex)
{
AjaxException aex = new AjaxException() {
message = string.Format("Test failed. Exception: {0}.", ex.Message)
};
throw new WebFaultException<AjaxException>(aex, HttpStatusCode.InternalServerError);
}
return resp;
}
}
[DataContract]
public class MyResponse {
public MyResponse() { }
[DataMember()]
public long time = ServiceUtility.Convert(DateTime.Now);
[DataMember()]
public string secret { get; set; }
}
【问题讨论】: