MVC ValidateAntiForgeryToken多标签问题 [英] MVC ValidateAntiForgeryToken multi-tabs problem

问题描述

我们一直在得到A所需的防伪标记不提供或无效。错误和一些进一步的调查，我已经成功地重新创建的最简单形式的问题 - 我是不是做一些完全错误的，或者这是防伪标记系统的限制

We'd been getting "A required anti-forgery token was not supplied or was invalid." errors, and on some further investigation, I've managed to recreate the problem in its simplest form - i'm either doing something completely wrong, or this is a limitation of the anti-forgery token system.

无论哪种方式，我倒是AP preciate一些建议！

Either way, I'd appreciate some advice!

空MVC 2项目：
一种观点认为网页，一个控制器

Empty MVC 2 project: one view page, one controller

查看：

<%--Sign in form:--%>
<% using(Html.BeginForm("SignIn", "Home", FormMethod.Post)) {%>
    <%= Html.AntiForgeryToken()%>
    <input type="submit" value="Sign in" />
<%}%>

控制器：

public ActionResult Index()
{
    ViewData["status"] = "Index";
    return View();
}

[ValidateAntiForgeryToken]
public ActionResult SignIn()
{
    ViewData["status"] = "Signed In!";
    FormsAuthentication.SetAuthCookie("username", false);
    return View("Index");
}

为了重新例外，开两个非登入标签 - 登录在第一个选项卡，然后登录在第二个选项卡

In order to recreate the exception, open two non-signed-in tabs - sign-in on the first tab, and then sign-in on the second tab.

第二个选项卡总是会抛出一个防伪例外，当我想正确的行为将是重定向到登录的页面（共享的会话/认证原登录的选项卡）

The second tab will always throw an anti-forgery exception, when I guess correct behaviour would be to redirect to the signed-in page (sharing the session/authentication of the original signed-in tab)

任何意见将是AP preciated！

Any advice would be appreciated!

干杯，
戴夫

推荐答案

真正回答这个问题很简单，你不应该在登录表单使用防伪标记！

The real answer to this problem is simply that you shouldn't use an anti-forgery token on login forms!

这是毫无意义的开拓是一个的登录表单上的用户的 - 他们还没有登录

It's pointless to "forge" being a user on a login form - they aren't logged in!

这篇关于MVC ValidateAntiForgeryToken多标签问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！