MVC 3 AJAX 和 [ValidateAntiForgeryToken]
我之前问过一个与此相关的问题,得到一个有趣的答案让我开始我的方式,我们会问更多问题。因此,这是我弄清楚 AJAX 帖子的内部工作原理和相当烦人的 ValidateAntiForgeryTokenAttribute 的过程中的下一个问题。
我有一个 _layout.cshtml,这是目前所有脚本的所在地。我有一个登录页面,它呈现三个部分,一个用于 OpenID 登录,这只是一个普通的 @using(Html.BeginForm()) {},一个用于本地登录,另一个用于基本登录登记。登录部分和注册部分都使用 ViewModels 和 Ajax.BeginForm
请注意,我正在使用 @using Ajax.BeginForm 并获取 data-ajax-update attr 来更新成功时的元素
_layout.cshtml 中的脚本:
$(document).ready(function () {
$('input[type=submit]').live("click", function (event) {
event.preventDefault();
var _allFormData = $(this).parents().find('form');
var _currentForm = $(this).closest('form');
var _updateElement = $(_currentForm).attr("data-ajax-update");
$.ajax({
type: "POST",
url: $(_currentForm).attr('action'),
data: $(_allFormData).serialize(),
success: function (data) {
$(_updateElement).html(data);
}
});
return true;
});
});
_layout.cshtml 中的表单元素
<form id="__AjaxAntiForgeryForm" action="#" method="post">
<@Html.AntiForgeryToken()>
</form>
控制器中的操作方法:
public ActionResult RegisterMember(
RegisterMemberViewModel registerMemberViewModel)
{
// Process some stuff
return PartialView("_Register");
}
为什么这有效,神奇的是 AntiForgeryToken 被包含在我所有的帖子。我没有抓住它并附加它,我没有用它做任何事情,它就在那里。有人可以解释一下为什么这是有效的吗?我不喜欢意外的解决方案,它们通常会在稍后崩溃。
I previously asked a question regarding this, got an interesting answer which got me on my way to, well asking more questions. So here is the next question in my journey to figure out the inner workings of AJAX posts and the rather annoying ValidateAntiForgeryTokenAttribute.
I have a _layout.cshtml, this is where all of the script goodies are located for now. I have a login page that render three partials, one for OpenID logins, which is just a normal @using(Html.BeginForm()) {}, one for local login, and the other is for basic registration. The login partial and register partial both use ViewModels and Ajax.BeginForm
Please note that I am using @using Ajax.BeginForm and grabbing the data-ajax-update attr to update the element on success
Script in _layout.cshtml:
$(document).ready(function () {
$('input[type=submit]').live("click", function (event) {
event.preventDefault();
var _allFormData = $(this).parents().find('form');
var _currentForm = $(this).closest('form');
var _updateElement = $(_currentForm).attr("data-ajax-update");
$.ajax({
type: "POST",
url: $(_currentForm).attr('action'),
data: $(_allFormData).serialize(),
success: function (data) {
$(_updateElement).html(data);
}
});
return true;
});
});
Form Element in _layout.cshtml
<form id="__AjaxAntiForgeryForm" action="#" method="post">
<@Html.AntiForgeryToken()>
</form>
Action Method in Controller:
public ActionResult RegisterMember(
RegisterMemberViewModel registerMemberViewModel)
{
// Process some stuff
return PartialView("_Register");
}
Why is this working, magically the AntiForgeryToken is getting included in all my posts. I am not grabbing it and appending it, I am not doing anything with it really it is just there. Can someone please shed some light on why this works. I don't like accidental solutions, they usually break later on.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
@Html.AntiForgeryToken()在表单中创建一个或类似的内容。如果我理解正确的话:var _allFormData = $(this).parents().find('form');与此结合:data: $(_allFormData).serialize( )将所有表单数据发布到服务器,包括 MVC 可能寻找的输入字段 __RequestVerificationToken,The
@Html.AntiForgeryToken()creates an<input type='hidden' name='__RequestVerificationToken'/>or something similar inside your form. And if I understand correctly this:var _allFormData = $(this).parents().find('form');in combination with this:data: $(_allFormData).serialize()post all your form data to the server, including the inputfield__RequestVerificationTokenwhich MVC probably looks for,