ASP.NET MVC:AntiForgeryToken 在单声道中工作吗?
我尝试在 Mono (XSP) 下的 ASP.NET MVC 中使用 Html.AntiForgeryToken 但它不起作用。它抛出以下异常。有什么想法吗?
System.ArgumentNullException: Argument cannot be null.
Parameter name: inputString
at System.Web.UI.ObjectStateFormatter.Deserialize (System.String inputString) [0x00006] in /home/danipen/Downloads/mono-2.8/mcs/class/System.Web/System.Web.UI/ObjectStateFormatter.cs:131
at System.Web.UI.HiddenFieldPageStatePersister.Load () [0x00007] in /home/danipen/Downloads/mono-2.8/mcs/class/System.Web/System.Web.UI/HiddenFieldPageStatePersister.cs:57
at System.Web.UI.Page.LoadPageStateFromPersistenceMedium () [0x0000f] in /home/danipen/Downloads/mono-2.8/mcs/class/System.Web/System.Web.UI/Page.cs:1763
at System.Web.UI.Page.LoadPageViewState () [0x00000] in /home/danipen/Downloads/mono-2.8/mcs/class/System.Web/System.Web.UI/Page.cs:1769
at System.Web.UI.Page.RestorePageState () [0x00051] in /home/danipen/Downloads/mono-2.8/mcs/class/System.Web/System.Web.UI/Page.cs:1454
at System.Web.UI.Page.InternalProcessRequest () [0x001b9] in /home/danipen/Downloads/mono-2.8/mcs/class/System.Web/System.Web.UI/Page.cs:1433
at System.Web.UI.Page.ProcessRequest (System.Web.HttpContext context) [0x0005b] in /home/danipen/Downloads/mono-2.8/mcs/class/System.Web/System.Web.UI/Page.cs:1261
您知道还有其他方法可以实现这一点吗?
提前致谢。
编辑:这是我的视图代码(它是部分视图)。如果我删除行 <%= Html.AntiForgeryToken() %> 一切正常,在其他情况下它会抛出上述异常。
<%@ Control Language="C#" Inherits="System.Web.Mvc.ViewUserControl<Codice.Web.Client.Comment>" %>
<div class="comment" style="background-color: #009ACF">
<div class="comment-meta">
<p class="comment-author">
<span class="avatarimage">
<%= Html.AvatarFor(Model.CommentInfo.Owner) %>
</span>
<strong class="comment-author">
<%= Html.Encode(Model.GetAuthorString()) %>
</strong>
says:
</p>
<p class="comment-date">
<%= Html.TimeAgo(Model.CommentInfo.LocalTimeStamp) %>
</p>
</div>
<div class="comment-body">
<div class="formatted-content">
<%= Html.Encode(Model.CommentInfo.Comment) %>
</div>
<div class="form-content">
<% using(Html.BeginForm(
"EditComment",
"Comments",
new
{
repository = Model.Repository,
commentId = Model.CommentInfo.Id
},
FormMethod.Post,
null))
{ %>
<%= Html.AntiForgeryToken() %>
<%= Html.TextBox("newComment", Model.CommentInfo.Comment) %>
<div class="form-actions">
<a class"edit-cancel minibutton" href="#">
<span>Cancel</span>
</a>
<button class="minibutton" type="submit">
<span>Update comment</span>
</button>
</div>
<%
}
%>
</div>
</div>
</div>
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您是否在为 POST 动词提供服务的控制器操作上设置了
[ValidateAntiForgeryToken]属性?编辑: 此问题的可能解决方案可能是使用 master 分支中的最新 mono,因为此问题可以在旧版本的 mono 上复制(例如 4 月 22 日的 tarball 会导致相同的异常)。
编辑2:要实现此功能,真正需要的是设置有效的machineKey 元素。例如,可以使用 this 实用程序生成密钥。
Do you have
[ValidateAntiForgeryToken]attribute set on you controller action which is serving the POST verb?Edit: Possible solution for this issue is probably using the newest mono from master branch, because this problem can be replicated on older versions of mono (for example tarball from April 22 is causing the same exception).
Edit 2: What is probably really needed to get this working is setting up valid machineKey element in web.config file. Keys can be generated for example with this utility.