为什么在 Mono 4.2.2 中找不到 __RequestVerificationToken

Why __RequestVerificationToken in not found in Mono 4.2.2

ASP.NET MVC4 应用程序根据 MVC4 文档使用跨站点伪造预防。

表格中有隐藏变量

...

和 cookie

浏览器发布 cookie

__RequestVerificationToken

Post 方法处理程序装饰有

[HttpPost,ValidateAntiForgeryToken]

属性。 https 协议已确定。它工作得更早。应用在提交表单中升级后在某些情况下会产生异常

    System.Web.Mvc.HttpAntiForgeryException
    The required anti-forgery cookie "__RequestVerificationToken" is not present.

Description: HTTP 500.Error processing request.
Details: Error processing request.
Exception stack trace:
  at System.Web.Helpers.AntiXsrf.TokenValidator.ValidateTokens (System.Web.HttpContextBase httpContext, IIdentity identity, System.Web.Helpers.AntiXsrf.AntiForgeryToken sessionToken, System.Web.Helpers.AntiXsrf.AntiForgeryToken fieldToken) <0x4098fc20 + 0x003af> in <filename unknown>:0 
  at System.Web.Helpers.AntiXsrf.AntiForgeryWorker.Validate (System.Web.HttpContextBase httpContext) <0x4098e540 + 0x00092> in <filename unknown>:0 
  at System.Web.Helpers.AntiForgery.Validate () <0x4098e490 + 0x0006f> in <filename unknown>:0 
  at System.Web.Mvc.ValidateAntiForgeryTokenAttribute.OnAuthorization (System.Web.Mvc.AuthorizationContext filterContext) <0x4098e420 + 0x0002b> in <filename unknown>:0 
  at System.Web.Mvc.ControllerActionInvoker.InvokeAuthorizationFilters (System.Web.Mvc.ControllerContext controllerContext, IList`1 filters, System.Web.Mvc.ActionDescriptor actionDescriptor) <0x41389eb0 + 0x00097> in <filename unknown>:0 
  at System.Web.Mvc.Async.AsyncControllerActionInvoker+<>c__DisplayClass25.<BeginInvokeAction>b__1e (System.AsyncCallback asyncCallback, System.Object asyncState) <0x4138957

如何解决此问题以便可以使用请求验证令牌?

根据您的描述,您告诉 Action 方法检查令牌,但您的表单没有发送它,因此缺少 __RequestVerificationToken

__RequestVerificationToken是通过在表单

中调用辅助方法@Html.AntiForgeryToken()生成的

例如:

@using (Html.BeginForm("Manage", "Account")) { @Html.AntiForgeryToken() }

更多信息,请查看: http://www.asp.net/web-api/overview/security/preventing-cross-site-request-forgery-csrf-attacks