MVC ValidateAntiForgeryToken多标签问题 [英] MVC ValidateAntiForgeryToken multi-tabs problem
问题描述
我们一直在得到A所需的防伪标记不提供或无效。错误和一些进一步的调查,我已经成功地重新创建的最简单形式的问题 - 我是不是做一些完全错误的,或者这是防伪标记系统的限制
We'd been getting "A required anti-forgery token was not supplied or was invalid." errors, and on some further investigation, I've managed to recreate the problem in its simplest form - i'm either doing something completely wrong, or this is a limitation of the anti-forgery token system.
无论哪种方式,我倒是AP preciate一些建议!
Either way, I'd appreciate some advice!
空MVC 2项目:
一种观点认为网页,一个控制器
Empty MVC 2 project: one view page, one controller
查看:
<%--Sign in form:--%>
<% using(Html.BeginForm("SignIn", "Home", FormMethod.Post)) {%>
<%= Html.AntiForgeryToken()%>
<input type="submit" value="Sign in" />
<%}%>
控制器:
public ActionResult Index()
{
ViewData["status"] = "Index";
return View();
}
[ValidateAntiForgeryToken]
public ActionResult SignIn()
{
ViewData["status"] = "Signed In!";
FormsAuthentication.SetAuthCookie("username", false);
return View("Index");
}
为了重新例外,开两个非登入标签 - 登录在第一个选项卡,然后登录在第二个选项卡
In order to recreate the exception, open two non-signed-in tabs - sign-in on the first tab, and then sign-in on the second tab.
第二个选项卡总是会抛出一个防伪例外,当我想正确的行为将是重定向到登录的页面(共享的会话/认证原登录的选项卡)
The second tab will always throw an anti-forgery exception, when I guess correct behaviour would be to redirect to the signed-in page (sharing the session/authentication of the original signed-in tab)
任何意见将是AP preciated!
Any advice would be appreciated!
干杯,
戴夫
推荐答案
真正回答这个问题很简单,你不应该在登录表单使用防伪标记!
The real answer to this problem is simply that you shouldn't use an anti-forgery token on login forms!
这是毫无意义的开拓是一个的登录表单上的用户的 - 他们还没有登录
It's pointless to "forge" being a user on a login form - they aren't logged in!
这篇关于MVC ValidateAntiForgeryToken多标签问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!