__RequestVerificationToken is not present with Ajax POST
I'm using jQuery DataTables to POST to a URL in MVC5 and am trying to add the anti-forgery token. I have added it to both the headers and the request body, but I still get a 500 error: "The required anti-forgery form field "__RequestVerificationToken" is not present."
Form:
    <form id="my-units-form" action="@Url.Action("MyUnitsResults", "Provider")" class="form-horizontal criteria well well-sm">
        @Html.AntiForgeryToken()
        ....
JavaScript:
    $userDt = $('#users-table')
        .DataTable({
            serverSide: true,
            ordering: false,
            searching: true,
            ajax: {
                "url": url,
                "type": "POST",
                'contentType': 'application/json',
                "dataType": "json",
                headers: { '__RequestVerificationToken': $('form input[name=__RequestVerificationToken]').val() },
                data: function (d) {
                    d.__RequestVerificationToken = $('form input[name=__RequestVerificationToken]').val();
                    return JSON.stringify(d);
                }
            },
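If you stringify the data and use contentType: 'application/json', then add the token to the ajax headers only (it will not be read from the body).
Then you need to create a custom FilterAttribute to read the value from the headers: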
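    using System;
    using System.Web.Helpers;
    using System.Web.Mvc;

    // Validates the anti-forgery token taken from a request header instead of a form field.
    [AttributeUsage(AttributeTargets.Method | AttributeTargets.Class, AllowMultiple = false, Inherited = true)]
    public sealed class ValidateHeaderAntiForgeryTokenAttribute : FilterAttribute, IAuthorizationFilter
    {
        public void OnAuthorization(AuthorizationContext filterContext)
        {
            if (filterContext == null)
            {
                throw new ArgumentNullException("filterContext");
            }

            var httpContext = filterContext.HttpContext;
            // Cookie half of the token pair, issued by @Html.AntiForgeryToken().
            var cookie = httpContext.Request.Cookies[AntiForgeryConfig.CookieName];
            // Throws HttpAntiForgeryException when either token is missing or the pair does not match.
            AntiForgery.Validate(cookie != null ? cookie.Value : null, httpContext.Request.Headers["__RequestVerificationToken"]);
        }
    }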
And in your controller method, replace the [ValidateAntiForgeryToken] attribute with [ValidateHeaderAntiForgeryToken].
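A client-side counterpart to the answer above, as an added example that is not part of the original post: it builds the DataTables `ajax` option so the token travels only in the header, and only to the page's own origin. `buildAjaxOptions` and `isSameOrigin` are hypothetical helper names, and the browser wiring in the closing comment assumes jQuery and the form from the question.

```javascript
const TOKEN_NAME = '__RequestVerificationToken'; // field/header name used on the page

// Hypothetical helper: true when `url` resolves to the same origin as the page.
function isSameOrigin(url, pageOrigin) {
  try {
    return new URL(url, pageOrigin).origin === new URL(pageOrigin).origin;
  } catch (e) {
    return false; // unparsable URL: treat as foreign and send no token
  }
}

// Hypothetical helper: returns the object to pass as DataTable({ ajax: ... }).
function buildAjaxOptions(url, token, pageOrigin) {
  if (!token) {
    // Fail early on the client instead of waiting for the server's 500.
    throw new Error('anti-forgery token not found in the page');
  }
  const options = {
    url: url,
    type: 'POST',
    contentType: 'application/json',
    dataType: 'json',
    headers: {},
    // DataTables passes its request parameters as `d`. The JSON body carries
    // only those, because the header filter never reads the body.
    data: function (d) {
      const copy = Object.assign({}, d);
      delete copy[TOKEN_NAME];
      return JSON.stringify(copy);
    }
  };
  // Attach the token only for same-origin requests so it is never sent
  // to another host.
  if (isSameOrigin(url, pageOrigin)) {
    options.headers[TOKEN_NAME] = token;
  }
  return options;
}

// In the browser:
//   var token = $('form input[name=__RequestVerificationToken]').val();
//   $('#users-table').DataTable({
//     serverSide: true,
//     ajax: buildAjaxOptions(url, token, window.location.origin)
//   });
```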