0
我正在使用ASP.NET 4 WCF服务进行某些数据事务。为了防止CSRF(跨站请求伪造),我想在输出中添加一些数据。有关如何做到这一点的任何建议?前置到WCF服务输出
[ServiceContract]
[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)]
[ServiceBehavior(InstanceContextMode = InstanceContextMode.PerCall)]
public class TestService : ServiceBase
{
[WebGet(
ResponseFormat = WebMessageFormat.Json,
UriTemplate = "/test.json")
]
public MyResponse Test()
{
MyResponse resp;
try
{
Response.Write("for(;;){}"); // <-- Fix needed
resp = new MyResponse();
}
catch (Exception ex)
{
AjaxException aex = new AjaxException() {
message = string.Format("Test failed. Exception: {0}.", ex.Message)
};
throw new WebFaultException<AjaxException>(aex, HttpStatusCode.InternalServerError);
}
return resp;
}
}
[DataContract]
public class MyResponse {
public MyResponse() { }
[DataMember()]
public long time = ServiceUtility.Convert(DateTime.Now);
[DataMember()]
public string secret { get; set; }
}