为什么在 Mono 4.2.2 中找不到 __RequestVerificationToken
Why __RequestVerificationToken in not found in Mono 4.2.2
ASP.NET MVC4 应用程序根据 MVC4 文档使用跨站点伪造预防。
表格中有隐藏变量
...
和 cookie
浏览器发布 cookie
__RequestVerificationToken
Post 方法处理程序装饰有
[HttpPost,ValidateAntiForgeryToken]
属性。 https 协议已确定。它工作得更早。应用在提交表单中升级后在某些情况下会产生异常
System.Web.Mvc.HttpAntiForgeryException
The required anti-forgery cookie "__RequestVerificationToken" is not present.
Description: HTTP 500.Error processing request.
Details: Error processing request.
Exception stack trace:
at System.Web.Helpers.AntiXsrf.TokenValidator.ValidateTokens (System.Web.HttpContextBase httpContext, IIdentity identity, System.Web.Helpers.AntiXsrf.AntiForgeryToken sessionToken, System.Web.Helpers.AntiXsrf.AntiForgeryToken fieldToken) <0x4098fc20 + 0x003af> in <filename unknown>:0
at System.Web.Helpers.AntiXsrf.AntiForgeryWorker.Validate (System.Web.HttpContextBase httpContext) <0x4098e540 + 0x00092> in <filename unknown>:0
at System.Web.Helpers.AntiForgery.Validate () <0x4098e490 + 0x0006f> in <filename unknown>:0
at System.Web.Mvc.ValidateAntiForgeryTokenAttribute.OnAuthorization (System.Web.Mvc.AuthorizationContext filterContext) <0x4098e420 + 0x0002b> in <filename unknown>:0
at System.Web.Mvc.ControllerActionInvoker.InvokeAuthorizationFilters (System.Web.Mvc.ControllerContext controllerContext, IList`1 filters, System.Web.Mvc.ActionDescriptor actionDescriptor) <0x41389eb0 + 0x00097> in <filename unknown>:0
at System.Web.Mvc.Async.AsyncControllerActionInvoker+<>c__DisplayClass25.<BeginInvokeAction>b__1e (System.AsyncCallback asyncCallback, System.Object asyncState) <0x4138957
如何解决此问题以便可以使用请求验证令牌?
根据您的描述,您告诉 Action 方法检查令牌,但您的表单没有发送它,因此缺少 __RequestVerificationToken
__RequestVerificationToken是通过在表单
中调用辅助方法@Html.AntiForgeryToken()
生成的
例如:
@using (Html.BeginForm("Manage", "Account")) {
@Html.AntiForgeryToken()
}
更多信息,请查看:
http://www.asp.net/web-api/overview/security/preventing-cross-site-request-forgery-csrf-attacks
ASP.NET MVC4 应用程序根据 MVC4 文档使用跨站点伪造预防。
表格中有隐藏变量
...
和 cookie
浏览器发布 cookie
__RequestVerificationToken
Post 方法处理程序装饰有
[HttpPost,ValidateAntiForgeryToken]
属性。 https 协议已确定。它工作得更早。应用在提交表单中升级后在某些情况下会产生异常
System.Web.Mvc.HttpAntiForgeryException
The required anti-forgery cookie "__RequestVerificationToken" is not present.
Description: HTTP 500.Error processing request.
Details: Error processing request.
Exception stack trace:
at System.Web.Helpers.AntiXsrf.TokenValidator.ValidateTokens (System.Web.HttpContextBase httpContext, IIdentity identity, System.Web.Helpers.AntiXsrf.AntiForgeryToken sessionToken, System.Web.Helpers.AntiXsrf.AntiForgeryToken fieldToken) <0x4098fc20 + 0x003af> in <filename unknown>:0
at System.Web.Helpers.AntiXsrf.AntiForgeryWorker.Validate (System.Web.HttpContextBase httpContext) <0x4098e540 + 0x00092> in <filename unknown>:0
at System.Web.Helpers.AntiForgery.Validate () <0x4098e490 + 0x0006f> in <filename unknown>:0
at System.Web.Mvc.ValidateAntiForgeryTokenAttribute.OnAuthorization (System.Web.Mvc.AuthorizationContext filterContext) <0x4098e420 + 0x0002b> in <filename unknown>:0
at System.Web.Mvc.ControllerActionInvoker.InvokeAuthorizationFilters (System.Web.Mvc.ControllerContext controllerContext, IList`1 filters, System.Web.Mvc.ActionDescriptor actionDescriptor) <0x41389eb0 + 0x00097> in <filename unknown>:0
at System.Web.Mvc.Async.AsyncControllerActionInvoker+<>c__DisplayClass25.<BeginInvokeAction>b__1e (System.AsyncCallback asyncCallback, System.Object asyncState) <0x4138957
如何解决此问题以便可以使用请求验证令牌?
根据您的描述,您告诉 Action 方法检查令牌,但您的表单没有发送它,因此缺少 __RequestVerificationToken
__RequestVerificationToken是通过在表单
中调用辅助方法@Html.AntiForgeryToken()
生成的
例如:
@using (Html.BeginForm("Manage", "Account")) {
@Html.AntiForgeryToken()
}
更多信息,请查看: http://www.asp.net/web-api/overview/security/preventing-cross-site-request-forgery-csrf-attacks