MVC AntiforgeryToken-限制? [英] MVC AntiforgeryToken - Limit?

问题描述

我的一个视图通过firefox可以正常显示，但在IE11上却不能正常显示.

它使用数据表，其中的2列具有按钮来切换某些显示数据的状态.

这些列非常相似，其中一个就是这样....

        @{
            <td style="width: 18%">
                @if ((ViewBag.UserIsAdmin == "1") && ("AV".Contains(Model[ix].Status[0])) )
                {
                    <span class="hidden_span">@Html.DisplayFor(modelItem => Model[ix].StockId)</span>
                    string voidItemButtonCaption = String.Format("{0} {1}", ((Model[ix].Status[0] == 'A') ? "Void Item" : "Un-Void Item"), Model[ix].StockId);
                    using (Html.BeginForm("VoidStockItem", "Stock", new { stockId = Model[ix].StockId, categoryId = Model[ix].CategoryId, bAvailableOnly = availableOnly }, FormMethod.Post, null))
                    {
                        @Html.AntiForgeryToken()
                        @Html.Raw(string.Format("<input type=\"submit\" value=\"{0}\" name=\"VoidStockItem\" class=\"btn btn-default smaller_btn_btn_default\" />", voidItemButtonCaption));
                    }
                }
                else
                {
                    @Html.DisplayFor(modelItem => Model[ix].StockId)
                }
            </td>
        } 

我发现，如果我的模型包含大约115多个项目，则在IE中将不会显示该视图，并且只会显示无法显示此页面". 在IE中使用F12也无济于事. "DOM7011:此页面上的代码禁用了前后缓存.有关更多信息，请参见: http: //go.microsoft.com/fwlink/?LinkID=291337 "

经过大量的头发拉扯之后，我发现如果删除防伪标记，则页面可以正确加载.显然，我不能作为解决方案，但我认为这至少是一个线索.

因此，在一个视图中，我似乎仅限于约230个防伪令牌. 有问题的视图列出了库存，并允许用户使特定项目无效，因此，一切都没有.

所以我的问题是....

1. 视图上的防伪令牌数量是否有限制?
2. 有没有一种方法可以仅在单击一个提交按钮ic时才插入一个?
3. 我做错了什么吗?
4. 有人可以指出正确的方向来解决这个问题吗?

任何帮助都将不胜感激.

解决方案

我最终通过AJAX做到了.

在从_Layout提取AntiForgeryToken时效果很好.

//There isn't an antiforgerttoken on this page but there is one in the _~\shared\layout so it picks that up
params["__RequestVerificationToken"] = $('[name=__RequestVerificationToken]').val();
//Set the generic params
params["categoryId"] = catId;
params["denom"] = thisdenom;
params["bAvailableOnly"] = bAvail;

if (bIsBatch) {
    url = "@Url.Action("VoidStockBatch", "Stock")";
    params["stockBatchId"] = itemId;          
} else {
    url = "@Url.Action("VoidStockItem", "Stock")";
    params["stockId"] = itemId;
}

$.ajax({
    url: url,
    type: 'POST',
    cache: false,
    data: params,
    success: ...........

I have a view that shows fine via firefox but not on IE11.

It uses Datatables and 2 of the columns have buttons to toggle the status of some data displayed.

These columns are very similar and one is like this....

        @{
            <td style="width: 18%">
                @if ((ViewBag.UserIsAdmin == "1") && ("AV".Contains(Model[ix].Status[0])) )
                {
                    <span class="hidden_span">@Html.DisplayFor(modelItem => Model[ix].StockId)</span>
                    string voidItemButtonCaption = String.Format("{0} {1}", ((Model[ix].Status[0] == 'A') ? "Void Item" : "Un-Void Item"), Model[ix].StockId);
                    using (Html.BeginForm("VoidStockItem", "Stock", new { stockId = Model[ix].StockId, categoryId = Model[ix].CategoryId, bAvailableOnly = availableOnly }, FormMethod.Post, null))
                    {
                        @Html.AntiForgeryToken()
                        @Html.Raw(string.Format("<input type=\"submit\" value=\"{0}\" name=\"VoidStockItem\" class=\"btn btn-default smaller_btn_btn_default\" />", voidItemButtonCaption));
                    }
                }
                else
                {
                    @Html.DisplayFor(modelItem => Model[ix].StockId)
                }
            </td>
        } 

I've found that if my model contains more than around 115 items, then in IE the view wont display and it just says "This page can’t be displayed". Using F12 in IE isn't much help either.... "DOM7011: The code on this page disabled back and forward caching. For more information, see: http://go.microsoft.com/fwlink/?LinkID=291337"

After lots of hair pullling I have found that if I remove the anti forgery tokens, the page loads correctly. Obviously I cannot do this as a solution but I suppose it is at least a clue.

So it seems that I am limited to around 230 antiforgery tokens in a view. The view in question lists stocks and allows the user to Void particular items, so it's nothing out of this world.

So my questions are....

1. is there a limit to the amount of anti forgerty tokens on a view?
2. Is there a way to just insert one only when one of the submit buttons ic clicked?
3. Have I done something fundamentally wrong?
4. Can someone point me in the right direction to reslove this issue please?

Any help greatly appreciated.

解决方案

I ended up doing it via AJAX.

Works nicely as it picks up the AntiForgeryTokenFrom _Layout.

//There isn't an antiforgerttoken on this page but there is one in the _~\shared\layout so it picks that up
params["__RequestVerificationToken"] = $('[name=__RequestVerificationToken]').val();
//Set the generic params
params["categoryId"] = catId;
params["denom"] = thisdenom;
params["bAvailableOnly"] = bAvail;

if (bIsBatch) {
    url = "@Url.Action("VoidStockBatch", "Stock")";
    params["stockBatchId"] = itemId;          
} else {
    url = "@Url.Action("VoidStockItem", "Stock")";
    params["stockId"] = itemId;
}

$.ajax({
    url: url,
    type: 'POST',
    cache: false,
    data: params,
    success: ...........

这篇关于MVC AntiforgeryToken-限制?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！