调试运行，只有当令牌防伪异常 [英] Antiforgery token exception only when debugger is run

问题描述

我这是通过内部框架提供内容服务的MVC2应用程序。该页面的iFrame仅仅是一种形式。它有一个请求验证令牌。一切正常的跨域，直到开发人员使用Visual Studio 2005调试。一旦他们这样做，我得到以下错误的详细信息。

I have an mvc2 app which is serving content through iframes. The iframed page is simply a form. It has a request validation token. Everything works well cross domain until a developer uses the Visual Studio 2005 debugger. As soon as they do, I get the following error details.

Exception: 
System.Web.Mvc.HttpAntiForgeryException : A required anti-forgery token was not supplied or was invalid.

Stack Trace:
at System.Web.Mvc.ValidateAntiForgeryTokenAttribute.OnAuthorization(AuthorizationContext filterContext) 
at System.Web.Mvc.ControllerActionInvoker.InvokeAuthorizationFilters(ControllerContext controllerContext, IList`1 filters, ActionDescriptor actionDescriptor) 
at System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName)

Source:
System.Web.Mvc  

Location:
Void OnAuthorization(System.Web.Mvc.AuthorizationContext)

Url:
https://mydomain.com/Portal/Framed/NewQuickPay/yFkYAA!!-OSlvtw!!-4f560479-96f2-4578-8804-a757d4913f52


Path:
D:\Inetpub\wwwroot\Portal\

Referrer:
https://mydomain.com/portal/Framed/Index/yFkYAA!!-OSlvtw!!-4f560479-96f2-4578-8804-a757d4913f52/?amount=2861.43


Server Name:
/* OMITTED */   

IP Address:
/* OMITTED */

User Agent:
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; MDDR; .NET4.0C; .NET CLR 1.1.4322)

Is Authenticated:
False   

Http Method:
POST

Form Data
/* OMITTED */

__RequestVerificationToken  EoJfaqoiWFUnbJFIQQeXoCeUdtVKpfX7RB0LfUXoTzRbrwK3ZYr6ZjT2ldsNGqVuB+3Vtc3uiRZoJiF+VAi7v7kdEy/sCb6jI9stzTzz/hRh3emTzBh61W9+GkFlEkxEVID8Bg==

Cookies
/* NONE */

我们已经删除了所有的cookies，机器重新启动，重新启动Visual Studio中，并且仍然在调试器导致此错误。

We have deleted all cookies, restarted the machine, restarted visual studio, and still the debugger causes this error.

我添加了一个声明机键到web.config。我不知道它可能是什么。它发生只有在调试运行时，他们使用Visual Studio 2005。

I have added a declared machine key to the web.config. I'm not sure what else it could be. It happens only when the debugger is running, and they are using Visual Studio 2005.

推荐答案

我找到了答案。我的内容正在通过跨域IFRAME psented $ P $。据亚当·扬，IE会自动阻止第三方Cookie，除非你定义一个P3P策略头

I found the answer. My content was being presented through a cross domain iframe. According to Adam Young, IE will automatically block third party cookies unless you define a P3P policy in the header.

我添加code到P3P策略注入头和只是把它从我在iframe中使用的每一个动作。到目前为止，我们还没有看到这个错误露面。我希望这个解决方案能够帮助别人。

I added code to inject the p3p policy into the header and just call it from each action that I use in my iframe. So far, we have not seen this error turn up. I hope this solution helps someone else.

public static void SetP3PCompactPolicy()
{
    HttpContext.Current.Response.AddHeader("p3p", 
    "CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"");
}

我还定义了一个机键的，虽然我不肯定是必要的。

I also defined a machine key, although I'm not sure that was necessary.

这篇关于调试运行，只有当令牌防伪异常的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！