ValidateAntiForgeryToken 因 jQuery ajax 表单提交而失败
我有一个 HTML 表单,我向其中动态添加一个文本字段,并通过 jQuery 向 ASP.NET MVC 控制器对该表单执行 POST 请求。
如果我在控制器操作上没有 ValidateAntiForgeryToken 属性的情况下调用 POST 请求,则它可以正常工作。但是,当我将 ValidateAntiForgeryToken 属性添加到操作中时,我收到以下异常:
“未提供所需的防伪令牌或无效。”
有人知道为什么会出现这种情况吗?
需要注意的一点是,cookie 中的令牌 id 似乎与表单中呈现的令牌完全不同。为什么这些可能会有所不同?
操作:
[AcceptVerbs(HttpVerbs.Post)]
[ValidateAntiForgeryToken]
public string MyAction(Guid id, Dto dto)
{
//return JSON;
}
表单(呈现的):
<form id="slider" class="fc" method="post" action="/controller/myaction/" name="tabEdit">
<span id="slider_previous" class="sprite" tabindex="0" title="foo">Previous</span>
<input type="hidden" value="mzyg7UWQrHwafoSuoJBvwfraQEtCTAmM9QHYeyMSrAHFHG10BNXM+I2yNgz8zQ8yu/E43eF3yMuHX7YIQwmK3Q==" name="__RequestVerificationToken"/>
<div id="sliderWrap" style="width: 31.243%;">
<ul class="sliderList">
<li id="ID_3d031daf-a7f9-46f2-b4b9-7c9fc6560e3d">
</li>
<li id="ID_78b61634-d88a-4f33-8e48-e0655ad8a958" class="current">
<input class="sliderInput" type="text" value="" name="Bar"/>
<a class="sprite" href="/a/b/78b61634-d88a-4f33-8e48-e0655ad8a958">Delete</a>
</li>
</ul>
</div>
<span id="slider_addNew" class="sprite" tabindex="0" title="Add new">New</span>
<span id="slider_next" class="sprite" tabindex="0" title="See next">Next</span>
</form>
呈现防伪令牌的原始视图:
<form id="slider" class="fc" method="post" action="/controller/myaction/" name="tabEdit">
<%=Html.AntiForgeryToken(OurNamespace.MVC.Constants.SaltValue) %>
<ul class="noJs">
<!-- etc -->
</ul>
</form>
I have an HTML form, to which I dynamically add a text field and perform a POST request for that form via jQuery to an ASP.NET MVC controller.
If I invoke the POST request without the ValidateAntiForgeryToken attribute on the controller action, it works fine. But, when I add the ValidateAntiForgeryToken attribute to the action I get the following exception:
"A required anti-forgery token was not supplied or was invalid."
Does anyone any ideas as to why this might be?
One point of note is that the token id in the cookie appears to be completely different to the token rendered in the form. Why might these be different?
The action:
[AcceptVerbs(HttpVerbs.Post)]
[ValidateAntiForgeryToken]
public string MyAction(Guid id, Dto dto)
{
//return JSON;
}
The form (as rendered):
<form id="slider" class="fc" method="post" action="/controller/myaction/" name="tabEdit">
<span id="slider_previous" class="sprite" tabindex="0" title="foo">Previous</span>
<input type="hidden" value="mzyg7UWQrHwafoSuoJBvwfraQEtCTAmM9QHYeyMSrAHFHG10BNXM+I2yNgz8zQ8yu/E43eF3yMuHX7YIQwmK3Q==" name="__RequestVerificationToken"/>
<div id="sliderWrap" style="width: 31.243%;">
<ul class="sliderList">
<li id="ID_3d031daf-a7f9-46f2-b4b9-7c9fc6560e3d">
</li>
<li id="ID_78b61634-d88a-4f33-8e48-e0655ad8a958" class="current">
<input class="sliderInput" type="text" value="" name="Bar"/>
<a class="sprite" href="/a/b/78b61634-d88a-4f33-8e48-e0655ad8a958">Delete</a>
</li>
</ul>
</div>
<span id="slider_addNew" class="sprite" tabindex="0" title="Add new">New</span>
<span id="slider_next" class="sprite" tabindex="0" title="See next">Next</span>
</form>
The original view rendering the anti-forgery token:
<form id="slider" class="fc" method="post" action="/controller/myaction/" name="tabEdit">
<%=Html.AntiForgeryToken(OurNamespace.MVC.Constants.SaltValue) %>
<ul class="noJs">
<!-- etc -->
</ul>
</form>
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您在生成 AntiForgeryToken 时指定了自定义盐,您还需要将此盐提供给 ValidateAntiForgeryToken 属性。
You are specifying a custom salt when you generate your AntiForgeryToken, you need to provide this salt to the ValidateAntiForgeryToken attribute as well.