ASP.Net 和 DotNetNuke -- 为什么客户 AuthorizeAttribute 覆盖 ValidateAntiForgeryToken?

ASP.Net and DotNetNuke -- why does a customer AuthorizeAttribute override ValidateAntiForgeryToken?

我有一个自定义 AuthorizationAttribute:

public class CodeWomplerAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        return SessionManager.CheckSession(SessionKeys.User)==true;
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (SessionManager.CheckSession(SessionKeys.User) == false)
        {
            filterContext.Result = new RedirectToRouteResult(
                new RouteValueDictionary 
                {
                    { "action", "ActionName" },
                    { "controller", "ControllerName" }
                });
        }
        else
            base.HandleUnauthorizedRequest(filterContext);
    }
}

下面是控制器中的示例函数:

    [HttpPost]
    [DotNetNuke.Web.Mvc.Framework.ActionFilters.ValidateAntiForgeryToken]
    [CodeWomplerAuthorize]
    public string InitializeNew()
    {
        var techSheet = new TechSheet {WorkOrder = {CreateDate = DateTime.Now}};
        var empList = new WorkOrderEmployeeController().Gets().Recordset;
        return JsonConvert.SerializeObject(Json(new{techSheet,empList}));
    }

我的自定义属性效果很好。但是,如果我包含 [DotNetNuke.Web.Mvc.Framework.ActionFilters.ValidateAntiForgeryToken],我会失败。

如果 AuthorizeCore 有覆盖,ValidateAntiForgeryToken 将失败。

如何在 AuthorizeCore 的覆盖中包含 ValidateAntiForgeryToken?

这是一种方法:

protected override bool AuthorizeCore(HttpContextBase httpContext)
{
    var cookie = httpContext.Request.Cookies[AntiForgeryConfig.CookieName];
    AntiForgery.Instance.Validate(cookie?.Value, httpContext.Request.Headers["__RequestVerificationToken"]);` protected override bool AuthorizeCore(HttpContextBase httpContext)
    return SessionManager.CheckSession(SessionKeys.User)==true;
}