MVC防伪标记requestvalidation出现在查询字符串 [英] MVC Antiforgery requestvalidation token appearing in querystring

问题描述

我有以下code的MVC 3看法： -

I have an MVC 3 view with the following code:-

@using (Html.BeginForm(MVC.Order.SearchResults(), FormMethod.Get))
{
    @Html.AntiForgeryToken()

    @Html.Button("btnSearch", "Search", HtmlButtonType.Submit, null, new { @class = "button primary icon search", alt = "Search the orders (up to 50 characters)" }
}

当我发布我看到__RequestVerificationToken形式=和查询字符串中的verifcation令牌的内容。

When I post the form I see the __RequestVerificationToken= and the contents of the verifcation token within the querystring.

任何想法，为什么这可能是这种情况，如何排序呢？

Any ideas why this may be the case and how to sort it?

推荐答案

只有POST请求伪造防工作的令牌。如果你想使用它们，你需要改变形式使用的动词POST而不是GET：

Anti forgery token work only with POST requests. If you want to use them you need to change the verb used of the form to POST instead of GET:

@using (Html.BeginForm(MVC.Order.SearchResults(), FormMethod.Post))
{
    @Html.AntiForgeryToken()

    @Html.Button("btnSearch", "Search", HtmlButtonType.Submit, null, new { @class = "button primary icon search", alt = "Search the orders (up to 50 characters)" }
}

这篇关于MVC防伪标记requestvalidation出现在查询字符串的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！