包括在阿贾克斯后ASP.NET MVC antiforgerytoken [英] include antiforgerytoken in ajax post ASP.NET MVC
问题描述
我有与AntiForgeryToken与阿贾克斯的麻烦。我使用ASP.NET MVC 3,我想在<一个解决方案href="http://stackoverflow.com/questions/4074199/jquery-ajax-calls-and-the-html-antiforgerytoken">jQuery Ajax调用和Html.AntiForgeryToken()。使用该溶液,令牌现在正在传递:
VAR数据= {...} //使用令牌,关键是'__RequestVerificationToken
$阿贾克斯({
键入:POST,
数据:数据,
数据类型:JSON,
传统:真正的,
的contentType:应用/ JSON的;字符集= UTF-8,
网址:myURL,
成功:函数(响应){
...
},
错误:函数(响应){
...
}
});
当我删除 [ValidateAntiForgeryToken]
属性只是为了看看数据(用记号)被作为参数传递给控制器,我可以看到他们是传递。但由于某些原因,在 A需要防伪令牌未提供或无效。
信息仍然弹出当我把属性了。
任何想法?
修改
该antiforgerytoken正在一个表单内产生的,但我不使用提交操作将其提交。相反,我使用jQuery,然后试图阿贾克斯后,仅仅获得令牌的值。
下面是包含令牌的形式,和位于顶部的母版页:
&LT;形式ID =__ AjaxAntiForgeryForm行动=#的方法=邮报&GT;
@ Html.AntiForgeryToken()
&LT; /形式GT;
您已经正确指定了的contentType
到应用程序/ JSON
。
这里有一个如何这可能工作的一个例子。
控制器:
公共类的HomeController:控制器
{
公众的ActionResult指数()
{
返回查看();
}
[HttpPost]
[ValidateAntiForgeryToken]
公众的ActionResult指数(字符串someValue中)
{
返回JSON(新{someValue中= someValue中});
}
}
查看:
@using(Html.BeginForm(NULL,NULL,FormMethod.Post,新{ID =__AjaxAntiForgeryForm}))
{
@ Html.AntiForgeryToken()
}
&LT; DIV ID =myDiv数据URL =@ Url.Action(指数,家)&GT;
点击我送一个AJAX请求到一个控制器动作
饰以[ValidateAntiForgeryToken]属性
&LT; / DIV&GT;
&LT;脚本类型=文/ JavaScript的&GT;
$('#myDiv)。递交(函数(){
变种形式= $('#__ AjaxAntiForgeryForm');
VAR令牌= $('输入[名称=__ RequestVerificationToken],形式).VAL();
$阿贾克斯({
网址:$(本)的.data(URL),
键入:POST,
数据: {
__RequestVerificationToken:令牌,
someValue中:一些价值
},
成功:函数(结果){
警报(result.someValue);
}
});
返回false;
});
&LT; / SCRIPT&GT;
I am having trouble with the AntiForgeryToken with ajax. I'm using ASP.NET MVC 3. I tried the solution in jQuery Ajax calls and the Html.AntiForgeryToken(). Using that solution, the token is now being passed:
var data = { ... } // with token, key is '__RequestVerificationToken'
$.ajax({
type: "POST",
data: data,
datatype: "json",
traditional: true,
contentType: "application/json; charset=utf-8",
url: myURL,
success: function (response) {
...
},
error: function (response) {
...
}
});
When I remove the [ValidateAntiForgeryToken]
attribute just to see if the data (with the token) is being passed as parameters to the controller, I can see that they are being passed. But for some reason, the A required anti-forgery token was not supplied or was invalid.
message still pops up when I put the attribute back.
Any ideas?
EDIT
The antiforgerytoken is being generated inside a form, but I'm not using a submit action to submit it. Instead, I'm just getting the token's value using jquery and then trying to ajax post that.
Here is the form that contains the token, and is located at the top master page:
<form id="__AjaxAntiForgeryForm" action="#" method="post">
@Html.AntiForgeryToken()
</form>
You have incorrectly specified the contentType
to application/json
.
Here's an example of how this might work.
Controller:
public class HomeController : Controller
{
public ActionResult Index()
{
return View();
}
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult Index(string someValue)
{
return Json(new { someValue = someValue });
}
}
View:
@using (Html.BeginForm(null, null, FormMethod.Post, new { id = "__AjaxAntiForgeryForm" }))
{
@Html.AntiForgeryToken()
}
<div id="myDiv" data-url="@Url.Action("Index", "Home")">
Click me to send an AJAX request to a controller action
decorated with the [ValidateAntiForgeryToken] attribute
</div>
<script type="text/javascript">
$('#myDiv').submit(function () {
var form = $('#__AjaxAntiForgeryForm');
var token = $('input[name="__RequestVerificationToken"]', form).val();
$.ajax({
url: $(this).data('url'),
type: 'POST',
data: {
__RequestVerificationToken: token,
someValue: 'some value'
},
success: function (result) {
alert(result.someValue);
}
});
return false;
});
</script>
这篇关于包括在阿贾克斯后ASP.NET MVC antiforgerytoken的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!