MVC 3 AJAX和[ValidateAntiForgeryToken] [英] MVC 3 AJAX and [ValidateAntiForgeryToken]

问题描述

我之前曾就此问过一个问题，得到了一个有趣的答案让我走了之路，好好问更多的问题。所以这是我的旅程中的下一个问题，即找出AJAX帖子的内部工作方式以及相当恼人的 ValidateAntiForgeryTokenAttribute 。

I previously asked a question regarding this, got an interesting answer which got me on my way to, well asking more questions. So here is the next question in my journey to figure out the inner workings of AJAX posts and the rather annoying ValidateAntiForgeryTokenAttribute.

我有一个_layout.cshtml，这是所有脚本好东西现在所在的位置。我有一个登录页面，呈现三个部分，一个用于OpenID登录，这只是一个普通的 @using（Html.BeginForm（））{} ，一个用于本地登录，另一个是基本注册。登录部分和寄存器部分都使用ViewModels和 Ajax.BeginForm

I have a _layout.cshtml, this is where all of the script goodies are located for now. I have a login page that render three partials, one for OpenID logins, which is just a normal @using(Html.BeginForm()) {}, one for local login, and the other is for basic registration. The login partial and register partial both use ViewModels and Ajax.BeginForm

请注意我使用 @using Ajax.BeginForm 并抓取data-ajax-update attr以在成功时更新元素

Please note that I am using @using Ajax.BeginForm and grabbing the data-ajax-update attr to update the element on success

_layout.cshtml中的脚本：

Script in _layout.cshtml:

$(document).ready(function () {
    $('input[type=submit]').live("click", function (event) {
        event.preventDefault();
        var _allFormData = $(this).parents().find('form');
        var _currentForm = $(this).closest('form');
        var _updateElement = $(_currentForm).attr("data-ajax-update");

        $.ajax({
            type: "POST",
            url: $(_currentForm).attr('action'),
            data: $(_allFormData).serialize(),
            success: function (data) {
                $(_updateElement).html(data);
            }
        });

        return true;
    });
});

_layout.cshtml中的表单元素

Form Element in _layout.cshtml

<form id="__AjaxAntiForgeryForm" action="#" method="post">
    <@Html.AntiForgeryToken()>
</form>  

控制器中的操作方法：

public ActionResult RegisterMember(
    RegisterMemberViewModel registerMemberViewModel)
{
    // Process some stuff
    return PartialView("_Register");
}

为什么这有效，神奇地是 AntiForgeryToken 已包含在我的所有帖子中。我没有抓住它并附加它，我没有做任何事情它真的就在那里。有人可以说明为什么会这样。我不喜欢偶然的解决方案，他们通常会在以后破解。

Why is this working, magically the AntiForgeryToken is getting included in all my posts. I am not grabbing it and appending it, I am not doing anything with it really it is just there. Can someone please shed some light on why this works. I don't like accidental solutions, they usually break later on.

推荐答案

@ Html.AntiForgeryToken （）在表单中创建< input type ='hidden'name ='__ RequestVerificationToken'/> 或类似内容。如果我理解正确的话： var _allFormData = $（this）.parents（）。find（'form'）; 与此相结合： data：$（_ allFormData）.serialize（）将所有表单数据发布到服务器，包括MVC可能查找的inputfield __ RequestVerificationToken ，

The @Html.AntiForgeryToken() creates an <input type='hidden' name='__RequestVerificationToken'/> or something similar inside your form. And if I understand correctly this: var _allFormData = $(this).parents().find('form'); in combination with this:data: $(_allFormData).serialize() post all your form data to the server, including the inputfield __RequestVerificationToken which MVC probably looks for,

这篇关于MVC 3 AJAX和[ValidateAntiForgeryToken]的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！