AJAX防伪令牌不调用控制器方法 [英] AJAX AntiForgery Token not calling controller method
问题描述
我奋力打电话给我用[ValidateAntiForgeryToken]属性控制器的方法。
我CSHTML / JS code:
VAR wizardRegisterJsonRequest = {
电子邮件:电子邮件,
密码:密码,
ConfirmPassword:confirmPassword,
姓名:姓名
};
$阿贾克斯({
输入:POST,
数据类型:HTML,
网址:的http://本地主机:50209 / GetAllFonts / WizardRegister',
数据:AddAntiForgeryToken(wizardRegisterJsonRequest)
beforeSend:功能(){
$('#create_account_form')的数据(忙,真正的)。
$('#create_account_busy)显示()。
},
成功:功能(数据){
如果(data.Success ===真){
//这里都好
} $('#create_account_validation_summary)文本(data.Message);
$('#create_account_validation_summary)显示()。
},
完成:功能(){
$('#create_account_form')的数据(忙,假)。
$('#create_account_busy')隐藏()。
}
}); AddAntiForgeryToken =功能(数据){
警报(加入防伪造);
。数据.__ RequestVerificationToken = $('#anti_forgery_token)VAL();
返回的数据;
};
控制器code:
[ValidateAntiForgeryToken]
[HttpPost]
公共JsonResult WizardRegister(用户usrDetails)
//公共JsonResult WizardLogOn(用户USR)
{
//字符串测试=; //此方法WizardRegister是没有得到所谓的
}
User模型:
公共类用户
{
公共字符串电子邮件{获得;组; }
公共字符串密码{搞定;组; }
公共字符串ConfirmPassword {搞定;组; }
公共字符串名称{;组; }
公共字符串电话{搞定;组; }
公共字符串__RequestVerificationToken {搞定;组; }
}
我不知道如果我需要__RequestVerificationToken在用户模式。我使用防伪首次。
请让我知道我错了......
谢谢,
罗汉。
更新:
查看/形式code:
@using(Html.BeginForm(NULL,NULL,FormMethod.Post,新{ID =create_account_form}))
{
@ Html.AntiForgeryToken()
<&字段集GT;
< DIV CLASS =输入固定的>
<跨度类=mandatory_wizard> * LT; / SPAN>
<输入类型=文本ID =registrNameNAME =registrNameVALUE =罗汉级=名称占位符=名称>
< / DIV>
< DIV CLASS =输入固定的>
<跨度类=mandatory_wizard> * LT; / SPAN>
<输入类型=文本ID =registrEmailNAME =registrEmail级=电子邮件值=rohanskosht@gmail.com占位符=电子邮件>
< / DIV>
< DIV CLASS =输入固定的>
<跨度类=mandatory_wizard>&安培; NBSP; < / SPAN>
<输入类型=文本级=手机占位符=电话号码>
< / DIV>
< DIV CLASS =输入固定的>
<跨度类=mandatory_wizard> * LT; / SPAN>
<输入类型=密码ID =registerPasswordNAME =registerPassword值=12345678级=密码占位符=密码:必须长于8个字符。>
< / DIV>
< DIV CLASS =输入固定的>
<跨度类=mandatory_wizard> * LT; / SPAN>
<输入类型=密码ID =registerConfirmPasswordNAME =registerConfirmPassword值=12345678级=确认密码占位=确认密码>
< / DIV>
<输入类型=提交级=BTN-模式登录VALUE =创建您的帐户并GT;&放大器; GT;>
< IMG ID =create_account_busy的风格=显示:无; SRC =./启动活动_ Teeyoot_files / busy.gifALT =载入中...>
< /字段集>
}
@ Html.AntiForgeryToken()生成具有名称隐藏输入= __RequestVerificationToken。 (它不具有 ID 属性,这样 $('#anti_forgery_token)VAL(); 将返回undefined
您可以通过访问值
VAR令牌= $('[NAME = __ RequestVerificationToken]')VAL()。
不过,我强烈建议您生成使用的HtmlHelper方法,你的属性输入( @ Html.TextBoxFor(M = GT; m.Name), @ Html.PasswordFor(M = GT; m.Password)等),而不是生成HTML手册,然后你可以简单地用
数据:$('形式')序列化()
在Ajax调用(你可以再删除大部分的脚本)。你也应该不会是硬编码的URL(它会为你把它投入生产,一旦失败)。您的脚本只需要为
$。阿贾克斯({
输入:POST,
数据类型:HTML,
网址:'@ Url.Action(WizardRegister,GetAllFonts)',
数据:$('形式')序列化()。
beforeSend:功能(){
....
您还应该包括 @ Html.ValidationMessageFor()每个属性来获取客户端验证等等无效形式没有提交。
旁注:它不是从你的code,你为什么会用ajax清楚。如果用户注册,然后你会想,如果重定向(如果不和显示验证错误)的成功,所以AJAX是没有意义的。
I am struggling to call my controller method with [ValidateAntiForgeryToken] attribute.
My cshtml/js code :
var wizardRegisterJsonRequest = {
Email: email,
Password: password,
ConfirmPassword: confirmPassword,
Name: name
};
$.ajax({
type: 'POST',
dataType: "html",
url: 'http://localhost:50209/GetAllFonts/WizardRegister',
data: AddAntiForgeryToken(wizardRegisterJsonRequest),
beforeSend: function () {
$('#create_account_form').data('busy', true);
$('#create_account_busy').show();
},
success: function (data) {
if (data.Success === true) {
// all good here
}
$('#create_account_validation_summary').text(data.Message);
$('#create_account_validation_summary').show();
},
complete: function () {
$('#create_account_form').data('busy', false);
$('#create_account_busy').hide();
}
});
AddAntiForgeryToken = function (data) {
alert("adding anti forgery");
data.__RequestVerificationToken = $('#anti_forgery_token').val();
return data;
};
Controller code :
[ValidateAntiForgeryToken]
[HttpPost]
public JsonResult WizardRegister(User usrDetails)
//public JsonResult WizardLogOn(User usr)
{
// string test = ""; // this method WizardRegister is not getting called
}
User model :
public class User
{
public string Email { get; set; }
public string Password { get; set; }
public string ConfirmPassword { get; set; }
public string Name { get; set; }
public string Phone { get; set; }
public string __RequestVerificationToken { get; set; }
}
I am not sure if I need __RequestVerificationToken in the User model. I am using AntiForgery for the first time.
Please let me know where I am going wrong ...
Thanks, Rohan.
Update :
View / form code :
@using (Html.BeginForm(null, null, FormMethod.Post, new { id = "create_account_form" }))
{
@Html.AntiForgeryToken()
<fieldset>
<div class="input-fixed">
<span class="mandatory_wizard">* </span>
<input type="text" id="registrName" name="registrName" value="rohan" class="name" placeholder="Name">
</div>
<div class="input-fixed">
<span class="mandatory_wizard">* </span>
<input type="text" id="registrEmail" name="registrEmail" class="email" value="rohanskosht@gmail.com" placeholder="Email">
</div>
<div class="input-fixed">
<span class="mandatory_wizard"> </span>
<input type="text" class="phone" placeholder="Phone Number">
</div>
<div class="input-fixed">
<span class="mandatory_wizard">* </span>
<input type="password" id="registerPassword" name="registerPassword" value="12345678" class="password" placeholder="Password: Must be longer than 8 characters.">
</div>
<div class="input-fixed">
<span class="mandatory_wizard">* </span>
<input type="password" id="registerConfirmPassword" name="registerConfirmPassword" value="12345678" class="confirm-password" placeholder="Confirm Password">
</div>
<input type="submit" class="btn-modal-login" value="Create your account >>">
<img id="create_account_busy" style="display: none;" src="./Launch Campaign _ Teeyoot_files/busy.gif" alt="Loading...">
</fieldset>
}
@Html.AntiForgeryToken() generates a hidden input with name="__RequestVerificationToken". (it does not have an id attribute so $('#anti_forgery_token').val(); will return undefined.
You can access the value using
var token= $('[name=__RequestVerificationToken]').val();
However, I strongly suggest you generate the inputs for your properties using the HtmlHelper methods (@Html.TextBoxFor(m => m.Name), @Html.PasswordFor(m => m.Password) etc) rather than generating manual html and then you can simply use
data: $('form').serialize()
in the ajax call (and you can then delete most of your script). You should also not be hard coding the url (it will fail as soon as you put it into production). Your script simply needs to be
$.ajax({
type: 'POST',
dataType: "html",
url: '@Url.Action("WizardRegister", "GetAllFonts")',
data: $('form').serialize(),
beforeSend: function () {
....
You should also be including @Html.ValidationMessageFor() for each property to get client side validation so invalid forms are not submitted.
Side note: Its not clear from your code why you would use ajax. If the user is registering, then you would want to redirect if successful (and display validation errors if not), so ajax is pointless
这篇关于AJAX防伪令牌不调用控制器方法的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
