\u8de8\u7ad9\u8acb\u6c42\u507d\u9020\uff08CSRF\uff09\u662f\u4e00\u7a2e\u5e38\u898b\u7684\u7db2\u7d61\u653b\u64ca\u624b\u6cd5\uff0c\u653b\u64ca\u8005\u5229\u7528\u53d7\u5bb3\u8005\u7684\u8eab\u4efd\uff0c\u5411\u7db2\u7ad9\u767c\u9001\u672a\u7d93\u6388\u6b0a\u7684\u8acb\u6c42\u3002\u9019\u7a2e\u653b\u64ca\u65b9\u5f0f\u7279\u5225\u5371\u96aa\uff0c\u56e0\u70ba\u5b83\u53ef\u4ee5\u5728\u4e0d\u77e5\u60c5\u7684\u60c5\u6cc1\u4e0b\u57f7\u884c\u654f\u611f\u64cd\u4f5c\u3002\u5c0d\u65bc\u4f7f\u7528 Internet Information Services\uff08IIS\uff09\u7684\u7db2\u7ad9\u4f86\u8aaa\uff0c\u4e86\u89e3\u5982\u4f55\u9632\u7bc4 CSRF \u653b\u64ca\u81f3\u95dc\u91cd\u8981\u3002<\/p>\n
CSRF \u653b\u64ca\u7684\u57fa\u672c\u539f\u7406\u662f\u5229\u7528\u7528\u6236\u7684\u8eab\u4efd\u9a57\u8b49\u4fe1\u606f\u3002\u7576\u7528\u6236\u5728\u67d0\u500b\u7db2\u7ad9\u4e0a\u767b\u9304\u5f8c\uff0c\u8a72\u7db2\u7ad9\u6703\u5728\u7528\u6236\u7684\u700f\u89bd\u5668\u4e2d\u5b58\u5132\u4e00\u500b\u6703\u8a71 cookie\u3002\u653b\u64ca\u8005\u53ef\u4ee5\u901a\u904e\u793e\u4ea4\u5de5\u7a0b\u6216\u5176\u4ed6\u624b\u6bb5\u8a98\u4f7f\u7528\u6236\u9ede\u64ca\u4e00\u500b\u60e1\u610f\u93c8\u63a5\uff0c\u8a72\u93c8\u63a5\u6703\u5411\u76ee\u6a19\u7db2\u7ad9\u767c\u9001\u8acb\u6c42\uff0c\u4e26\u5229\u7528\u7528\u6236\u7684\u8eab\u4efd\u57f7\u884c\u64cd\u4f5c\u3002<\/p>\n
\u9632\u7bc4 CSRF \u653b\u64ca\u7684\u6709\u6548\u65b9\u6cd5\u6709\u5e7e\u7a2e\uff0c\u4ee5\u4e0b\u662f\u4e00\u4e9b\u5e38\u898b\u7684\u6280\u8853\uff1a<\/p>\n
\u6700\u5e38\u898b\u7684\u9632\u7bc4\u63aa\u65bd\u662f\u4f7f\u7528 CSRF Token\u3002\u9019\u662f\u4e00\u500b\u96a8\u6a5f\u751f\u6210\u7684\u5b57\u7b26\u4e32\uff0c\u8207\u7528\u6236\u7684\u6703\u8a71\u7d81\u5b9a\u3002\u6bcf\u7576\u7528\u6236\u63d0\u4ea4\u8868\u55ae\u6642\uff0c\u8a72 Token \u6703\u96a8\u8868\u55ae\u4e00\u8d77\u767c\u9001\uff0c\u4f3a\u670d\u5668\u6703\u9a57\u8b49\u8a72 Token \u662f\u5426\u6709\u6548\u3002\u4ee5\u4e0b\u662f\u5982\u4f55\u5728 ASP.NET \u4e2d\u5be6\u73fe CSRF Token \u7684\u793a\u4f8b\uff1a<\/p>\n
\n@using System.Web.Helpers;\n\n@{\n var csrfToken = AntiForgery.GetTokens(null, out string cookieToken);\n}\n\n\n @Html.AntiForgeryToken()\n \n \n\n<\/code><\/pre>\n2. \u6aa2\u67e5 HTTP Referer \u6a19\u982d<\/h3>\n
\u53e6\u4e00\u7a2e\u9632\u7bc4 CSRF \u653b\u64ca\u7684\u65b9\u6cd5\u662f\u6aa2\u67e5 HTTP Referer \u6a19\u982d\u3002\u4f3a\u670d\u5668\u53ef\u4ee5\u6aa2\u67e5\u8acb\u6c42\u7684\u4f86\u6e90\u662f\u5426\u4f86\u81ea\u5408\u6cd5\u7684\u7db2\u7ad9\u3002\u5982\u679c Referer \u6a19\u982d\u4e0d\u7b26\u5408\u9810\u671f\uff0c\u5247\u53ef\u4ee5\u62d2\u7d55\u8a72\u8acb\u6c42\u3002\u7136\u800c\uff0c\u9019\u7a2e\u65b9\u6cd5\u4e26\u4e0d\u7e3d\u662f\u53ef\u9760\uff0c\u56e0\u70ba\u67d0\u4e9b\u700f\u89bd\u5668\u6216\u5b89\u5168\u8a2d\u7f6e\u53ef\u80fd\u6703\u96b1\u85cf Referer \u6a19\u982d\u3002<\/p>\n
3. \u4f7f\u7528 SameSite Cookie \u5c6c\u6027<\/h3>\n
\u5728\u8a2d\u7f6e cookie \u6642\uff0c\u53ef\u4ee5\u4f7f\u7528 SameSite \u5c6c\u6027\u4f86\u9650\u5236 cookie \u7684\u767c\u9001\u3002\u9019\u6a23\u53ef\u4ee5\u9632\u6b62\u8de8\u7ad9\u8acb\u6c42\u6642\u81ea\u52d5\u767c\u9001 cookie\u3002\u4ee5\u4e0b\u662f\u5982\u4f55\u5728 ASP.NET \u4e2d\u8a2d\u7f6e SameSite \u5c6c\u6027\u7684\u793a\u4f8b\uff1a<\/p>\n
\nResponse.Cookies[\"YourCookie\"].SameSite = SameSiteMode.Strict;\n<\/code><\/pre>\n\u7d50\u8ad6<\/h2>\n
\u9632\u7bc4 CSRF \u653b\u64ca\u662f\u4fdd\u8b77\u7db2\u7ad9\u5b89\u5168\u7684\u91cd\u8981\u4e00\u74b0\u3002\u901a\u904e\u5be6\u65bd CSRF Token\u3001\u6aa2\u67e5 HTTP Referer \u6a19\u982d\u4ee5\u53ca\u4f7f\u7528 SameSite Cookie \u5c6c\u6027\uff0c\u53ef\u4ee5\u6709\u6548\u964d\u4f4e CSRF \u653b\u64ca\u7684\u98a8\u96aa\u3002\u96a8\u8457\u7db2\u7d61\u5b89\u5168\u5a01\u8105\u7684\u65e5\u76ca\u589e\u52a0\uff0c\u7db2\u7ad9\u7ba1\u7406\u54e1\u5fc5\u9808\u4fdd\u6301\u8b66\u60d5\uff0c\u5b9a\u671f\u6aa2\u67e5\u548c\u66f4\u65b0\u5b89\u5168\u63aa\u65bd\u3002<\/p>\n