MVC ValidateAntiForgeryToken多标签问题 [英] MVC ValidateAntiForgeryToken multi-tabs problem

查看:649
本文介绍了MVC ValidateAntiForgeryToken多标签问题的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我们一直在得到A所需的防伪标记不提供或无效。错误和一些进一步的调查,我已经成功地重新创建的最简单形式的问题 - 我是不是做一些完全错误的,或者这是防伪标记系统的限制

We'd been getting "A required anti-forgery token was not supplied or was invalid." errors, and on some further investigation, I've managed to recreate the problem in its simplest form - i'm either doing something completely wrong, or this is a limitation of the anti-forgery token system.

无论哪种方式,我倒是AP preciate一些建议!

Either way, I'd appreciate some advice!

空MVC 2项目:
一种观点认为网页,一个控制器

Empty MVC 2 project: one view page, one controller

查看:

<%--Sign in form:--%>
<% using(Html.BeginForm("SignIn", "Home", FormMethod.Post)) {%>
    <%= Html.AntiForgeryToken()%>
    <input type="submit" value="Sign in" />
<%}%>

控制器:

public ActionResult Index()
{
    ViewData["status"] = "Index";
    return View();
}

[ValidateAntiForgeryToken]
public ActionResult SignIn()
{
    ViewData["status"] = "Signed In!";
    FormsAuthentication.SetAuthCookie("username", false);
    return View("Index");
}

为了重新例外,开两个非登入标签 - 登录在第一个选项卡,然后登录在第二个选项卡

In order to recreate the exception, open two non-signed-in tabs - sign-in on the first tab, and then sign-in on the second tab.

第二个选项卡总是会抛出一个防伪例外,当我想正确的行为将是重定向到登录的页面(共享的会话/认证原登录的选项卡)

The second tab will always throw an anti-forgery exception, when I guess correct behaviour would be to redirect to the signed-in page (sharing the session/authentication of the original signed-in tab)

任何意见将是AP preciated!

Any advice would be appreciated!

干杯,
戴夫

推荐答案

真正回答这个问题很简单,你不应该在登录表单使用防伪标记!

The real answer to this problem is simply that you shouldn't use an anti-forgery token on login forms!

这是毫无意义的开拓是一个的登录表单上的用户的 - 他们还没有登录

It's pointless to "forge" being a user on a login form - they aren't logged in!

这篇关于MVC ValidateAntiForgeryToken多标签问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆