该防伪标记的cookie和表单域的令牌不MVC 4匹配 [英] The anti-forgery cookie token and form field token do not match in MVC 4
问题描述
我使用的ASP.NET MVC 4.默认的登录模块我没有更改默认的应用程序的任何code和我主持它在共享服务器上。
我在使用默认的登录页面登录后。我一直在一段时间内的浏览器处于闲置状态。那么很明显,应用重定向到登录页面,当我尝试用执行任何控制器动作[授权]
属性。
然后我尝试重新登录,当我在登录按钮,单击它给出了一个错误。
的防伪标记的cookie和表单字段标记不匹配。
登录操作
// POST:/帐号/登录 [HttpPost]
[使用AllowAnonymous]
[ValidateAntiForgeryToken]
公众的ActionResult登录(LoginModel型号,串RETURNURL)
{
如果(ModelState.IsValid&安培;&安培; WebSecurity.Login(model.UserName,model.Password,persistCookie:model.RememberMe))
{
返回RedirectToLocal(RETURNURL);
} //如果我们走到这一步,事情失败了,重新显示形式
ModelState.AddModelError(,提供的用户名或密码不正确。);
返回查看(模型);
}
我在web.config中明确增加了机器的关键解决了问题。
请注意:出于安全原因,不使用此键。产生一个从 https://support.microsoft.com/en-us/kb/ 2915218#附录A 。不要使用网上一身,细节的http://blogs.msdn.com/b/webdev/archive/2014/05/07/asp-net-4-5-2-and-enableviewstatemac.aspx
<的machineKey validationKey=\"971E32D270A381E2B5954ECB4762CE401D0DF1608CAC303D527FA3DB5D70FA77667B8CF3153CE1F17C3FAF7839733A77E44000B3D8229E6E58D0C954AC2E796B\" decryptionKey =1D5375942DA2B2C949798F272D3026421DDBD231757CA12C794E68E9F8CECA71验证=SHA1解密=AES/>
下面是生成唯一的计算机密钥网站:
http://www.developerfusion.com/tools/generatemachinekey/
I'm using the default login module in ASP.NET MVC 4. I did not change any code in the default application and i hosted it on a shared server.
After i logged in using default login page. i kept the browser idle for some time. Then obviously application redirected to the login page when i try to perform any controller action with [Authorize]
attribute.
Then i try to login again and it gives an error when i click on login button.
The anti-forgery cookie token and form field token do not match.
LogIn action
// POST: /Account/Login
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public ActionResult Login(LoginModel model, string returnUrl)
{
if (ModelState.IsValid && WebSecurity.Login(model.UserName, model.Password, persistCookie: model.RememberMe))
{
return RedirectToLocal(returnUrl);
}
// If we got this far, something failed, redisplay form
ModelState.AddModelError("", "The user name or password provided is incorrect.");
return View(model);
}
I resolved the issue by explicitly adding a machine key in web.config.
Note: For security reason don't use this key. Generate one from https://support.microsoft.com/en-us/kb/2915218#AppendixA. Dont use online-one, details, http://blogs.msdn.com/b/webdev/archive/2014/05/07/asp-net-4-5-2-and-enableviewstatemac.aspx
<machineKey validationKey="971E32D270A381E2B5954ECB4762CE401D0DF1608CAC303D527FA3DB5D70FA77667B8CF3153CE1F17C3FAF7839733A77E44000B3D8229E6E58D0C954AC2E796B" decryptionKey="1D5375942DA2B2C949798F272D3026421DDBD231757CA12C794E68E9F8CECA71" validation="SHA1" decryption="AES" />
Here's a site that generates unique Machine Keys:
http://www.developerfusion.com/tools/generatemachinekey/
这篇关于该防伪标记的cookie和表单域的令牌不MVC 4匹配的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!