Valums File Uploader - Including ValidateAntiForgeryToken


Problem description

I'm trying to protect my upload controller method using the MVC ValidateAntiForgeryToken but I'm struggling to work out how to get the __RequestVerificationToken included in the post.

My action looks like this:

[HttpPost, ValidateAntiForgeryToken]
public ActionResult FileUpload(HttpPostedFileBase qqfile)

Looking through the documentation for the uploader there aren't any exposed hooks that I can find that would allow me access outside the qq code to manipulate the form it generates.

Has anyone else managed to get this to work?

After editing the source file for the form creation my requests are still not passing the validation:

Request

http://localhost:54275/UserProfile/FileUpload?qqfile=266758_10150696082935268_8163320_o.jpg

Host: localhost:54275
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:27.0) Gecko/20100101 Firefox/27.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
X-Requested-With: XMLHttpRequest
X-File-Name: 266758_10150696082935268_8163320_o.jpg
Content-Type: application/octet-stream
X-Mime-Type: image/jpeg
Referer: http://localhost:54275/UserProfile/Edit
Content-Length: 625352
Cookie: __test=1; RememberMe=-1167340540^1#-5833880764017141030; __RequestVerificationToken=BEIHblTcEaCio_1_i6bJnSYmituqQfq9y2ge63T85w15pAhbPldPZqY8DhLTubmtmd9OLtAuJcHdmfaFHSbn1L7oAYAtxDJWdMOOzNrddhU1; DotNetOpenAuth.WebServerClient.XSRF-Session=O-l5-Hv0flYqKL27j0TGhA; .ASPXAUTH=52C5EDFB92A09FA0395676E23BE1EBBBF03D3E88EF7C81761B76C1C8EF67936C0D9FBFD730ED77B0246C49757828A7C17D0DD7644A1C50988ECFF4C3DEDF15783E5FD7C4BA97E484F9FD6460EB6A5310E27453B461E320D10E74A5F8AEE1C0A5B1367D0DB4060958B48DACB12E80AA23; TCSESSIONID=D9016B850A1BCFD6921E274467F52CEE
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Fiddler-Encoding: base64

Recommended answer

I am using version 5.11.10 of FineUploader (the rename of Valum's FileUploader; see the FineUploader history) and it does contain the feature to specify a form; see Form Options.

An example of a FineUpload with AntiForgeryToken validation if your form doesn't contain any other form values is to include a form with some id (testForm in below example) with the AntiForgeryToken.

@using (Html.BeginForm(MVCHelpers.Bank.Transactions.UploadFile(), FormMethod.Post, new { id = "testForm" }))
{
    @Html.AntiForgeryToken()
}

And in the FineUploader specify the form it has to send also:

<div id="fileUploadContainer"></div>
<script>
    var uploader = new qq.FineUploader({
        element: document.getElementById("fileUploadContainer"),
        // ... (other options)
        form: {
            element: "testForm",
            autoUpload: true
        }
    });
</script>

This enables you to upload files in combination with [ValidateAntiForgeryToken] on your Action. You can also specify a real form if the upload is part of other form values, by specifying the id of that form. Pay attention to the autoUpload true since it's false by default when you set a form element.
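
Why the request in the question fails validation while a form-bound upload can pass, as an added example (not code from the question, the answer, or FineUploader): `[ValidateAntiForgeryToken]` compares the `__RequestVerificationToken` cookie with a form field of the same name, and this sketch checks a captured request for both halves. It assumes the form-bound upload arrives as a `multipart/form-data` POST; the sample requests and the token placeholders are constructed.

```javascript
// Added example, not from the original answer. Sample requests are constructed;
// COOKIE_TOKEN / FORM_TOKEN are placeholders, not real token values.
const TOKEN = "__RequestVerificationToken";

function parseRequest(raw) {
  const [head, ...rest] = raw.split("\r\n\r\n");
  const headers = {};
  for (const line of head.split("\r\n").slice(1)) { // skip the request line
    const i = line.indexOf(":");
    if (i > 0) headers[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  return { headers, body: rest.join("\r\n\r\n") };
}

function cookieToken(headers) {
  const pair = (headers["cookie"] || "").split(";").map(p => p.trim())
    .find(p => p.startsWith(TOKEN + "="));
  return pair ? pair.slice(TOKEN.length + 1) : null;
}

function formToken(headers, body) {
  const type = headers["content-type"] || "";
  if (/^application\/x-www-form-urlencoded/i.test(type)) return new URLSearchParams(body).get(TOKEN);
  const m = /^multipart\/form-data;.*boundary="?([^";]+)/i.exec(type);
  if (!m) return null; // e.g. application/octet-stream: body is the raw file, no fields
  for (const part of body.split("--" + m[1])) {
    const [partHead, ...value] = part.split("\r\n\r\n");
    if (partHead.includes(`name="${TOKEN}"`)) return value.join("\r\n\r\n").replace(/\r\n$/, "");
  }
  return null;
}

function diagnose(raw) {
  const { headers, body } = parseRequest(raw);
  const cookie = cookieToken(headers) !== null, field = formToken(headers, body) !== null;
  return { cookie, field, bothPresent: cookie && field }; // presence only, not validity
}

// Constructed: shaped like the question's XHR upload (raw file as the body).
const rawUpload = ["POST /UserProfile/FileUpload?qqfile=a.jpg HTTP/1.1", "X-Requested-With: XMLHttpRequest",
  "Content-Type: application/octet-stream", `Cookie: __test=1; ${TOKEN}=COOKIE_TOKEN`, "", "JPEGDATA"].join("\r\n");
// Constructed: multipart POST carrying the hidden field from the form.
const formUpload = ["POST /UserProfile/FileUpload HTTP/1.1", "Content-Type: multipart/form-data; boundary=B",
  `Cookie: ${TOKEN}=COOKIE_TOKEN`, "", "--B", `Content-Disposition: form-data; name="${TOKEN}"`, "", "FORM_TOKEN",
  "--B", 'Content-Disposition: form-data; name="qqfile"; filename="a.jpg"', "", "JPEGDATA", "--B--", ""].join("\r\n");

console.log(diagnose(rawUpload), diagnose(formUpload));
```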
