所需的反伪造cookie“_ RequestVerificationToken”不存在。 MVC 5 [英] The required anti-forgery cookie "__RequestVerificationToken" is not present. MVC 5
问题描述
所需的防伪cookie__RequestVerificationToken不存在。
"The required anti-forgery cookie "__RequestVerificationToken" is not present."
当用户尝试注册时,很少出现。
When a user attempts to register, it rarely appears.
我使用Elmah tracker。来自客户端的数据具有表单字段__RequestVerificationToken。
I am using Elmah tracker. The data from the client has form field "__RequestVerificationToken".
我找不到原因。请查看以下数据。
I can't find out the reason. Please review the below data.
提前感谢。
<error application="/LM/W3SVC/3/ROOT" host="N816A" type="System.Web.Mvc.HttpAntiForgeryException" message="The required anti-forgery cookie "__RequestVerificationToken" is not present." source="System.Web.WebPages" detail="System.Web.Mvc.HttpAntiForgeryException (0x80004005): The required anti-forgery cookie "__RequestVerificationToken" is not present.
at System.Web.Helpers.AntiXsrf.TokenValidator.ValidateTokens(HttpContextBase httpContext, IIdentity identity, AntiForgeryToken sessionToken, AntiForgeryToken fieldToken)
at System.Web.Helpers.AntiXsrf.AntiForgeryWorker.Validate(HttpContextBase httpContext)
at System.Web.Mvc.ControllerActionInvoker.InvokeAuthorizationFilters(ControllerContext controllerContext, IList`1 filters, ActionDescriptor actionDescriptor)
at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass21.<BeginInvokeAction>b__19(AsyncCallback asyncCallback, Object asyncState)" time="2015-06-20T10:35:41.3420000Z" statusCode="500">
<serverVariables>
<item name="ALL_HTTP">
<value string="HTTP_CONNECTION:keep-alive
HTTP_CONTENT_LENGTH:328
HTTP_CONTENT_TYPE:application/x-www-form-urlencoded
HTTP_ACCEPT:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
HTTP_ACCEPT_ENCODING:gzip, deflate
HTTP_ACCEPT_LANGUAGE:en-us
HTTP_HOST:www.----.com
HTTP_REFERER:https://www.----.com/Account/Login
HTTP_USER_AGENT:Mozilla/5.0 (iPad; CPU OS 8_3 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12F69 Safari/600.1.4
HTTP_ORIGIN:https://www.----.com
"/>
</item>
<item name="ALL_RAW">
<value string="Connection: keep-alive
Content-Length: 328
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-us
Host: www.----.com
Referer: https://www.----.com/Account/Login
User-Agent: Mozilla/5.0 (iPad; CPU OS 8_3 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12F69 Safari/600.1.4
Origin: https://www.----.com
"/>
</item>
<item name="APPL_MD_PATH">
<value string="/LM/W3SVC/3/ROOT"/>
</item>
<item name="APPL_PHYSICAL_PATH">
<value string="D:\WebSite\----\"/>
</item>
<item name="AUTH_TYPE">
<value string=""/>
</item>
<item name="AUTH_USER">
<value string=""/>
</item>
<item name="AUTH_PASSWORD">
<value string="*****"/>
</item>
<item name="LOGON_USER">
<value string=""/>
</item>
<item name="REMOTE_USER">
<value string=""/>
</item>
<item name="CERT_COOKIE">
<value string=""/>
</item>
<item name="CERT_FLAGS">
<value string=""/>
</item>
<item name="CERT_ISSUER">
<value string=""/>
</item>
<item name="CERT_KEYSIZE">
<value string="128"/>
</item>
<item name="CERT_SECRETKEYSIZE">
<value string="2048"/>
</item>
<item name="CERT_SERIALNUMBER">
<value string=""/>
</item>
<item name="CERT_SERVER_ISSUER">
<value string="C=GB, S=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO SSL CA"/>
</item>
<item name="CERT_SERVER_SUBJECT">
<value string="OU=Domain Control Validated, OU="Hosted by Korea Information Certificate Authority, Inc.", OU=COMODO SSL, CN=www.----.com"/>
</item>
<item name="CERT_SUBJECT">
<value string=""/>
</item>
<item name="CONTENT_LENGTH">
<value string="328"/>
</item>
<item name="CONTENT_TYPE">
<value string="application/x-www-form-urlencoded"/>
</item>
<item name="GATEWAY_INTERFACE">
<value string="CGI/1.1"/>
</item>
<item name="HTTPS">
<value string="on"/>
</item>
<item name="HTTPS_KEYSIZE">
<value string="128"/>
</item>
<item name="HTTPS_SECRETKEYSIZE">
<value string="2048"/>
</item>
<item name="HTTPS_SERVER_ISSUER">
<value string="C=GB, S=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO SSL CA"/>
</item>
<item name="HTTPS_SERVER_SUBJECT">
<value string="OU=Domain Control Validated, OU="Hosted by Korea Information Certificate Authority, Inc.", OU=COMODO SSL, CN=www.----.com"/>
</item>
<item name="INSTANCE_ID">
<value string="3"/>
</item>
<item name="INSTANCE_META_PATH">
<value string="/LM/W3SVC/3"/>
</item>
<item name="LOCAL_ADDR">
<value string="10.57.14.250"/>
</item>
<item name="PATH_INFO">
<value string="/Account/Register"/>
</item>
<item name="PATH_TRANSLATED">
<value string="D:\WebSite\----\Account\Register"/>
</item>
<item name="QUERY_STRING">
<value string=""/>
</item>
<item name="REMOTE_ADDR">
<value string="222.152.222.107"/>
</item>
<item name="REMOTE_HOST">
<value string="222.152.222.107"/>
</item>
<item name="REMOTE_PORT">
<value string="57745"/>
</item>
<item name="REQUEST_METHOD">
<value string="POST"/>
</item>
<item name="SCRIPT_NAME">
<value string="/Account/Register"/>
</item>
<item name="SERVER_NAME">
<value string="www.----.com"/>
</item>
<item name="SERVER_PORT">
<value string="443"/>
</item>
<item name="SERVER_PORT_SECURE">
<value string="1"/>
</item>
<item name="SERVER_PROTOCOL">
<value string="HTTP/1.1"/>
</item>
<item name="SERVER_SOFTWARE">
<value string="Microsoft-IIS/7.5"/>
</item>
<item name="URL">
<value string="/Account/Register"/>
</item>
<item name="HTTP_CONNECTION">
<value string="keep-alive"/>
</item>
<item name="HTTP_CONTENT_LENGTH">
<value string="328"/>
</item>
<item name="HTTP_CONTENT_TYPE">
<value string="application/x-www-form-urlencoded"/>
</item>
<item name="HTTP_ACCEPT">
<value string="text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"/>
</item>
<item name="HTTP_ACCEPT_ENCODING">
<value string="gzip, deflate"/>
</item>
<item name="HTTP_ACCEPT_LANGUAGE">
<value string="en-us"/>
</item>
<item name="HTTP_HOST">
<value string="www.----.com"/>
</item>
<item name="HTTP_REFERER">
<value string="https://www.----.com/Account/Login"/>
</item>
<item name="HTTP_USER_AGENT">
<value string="Mozilla/5.0 (iPad; CPU OS 8_3 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12F69 Safari/600.1.4"/>
</item>
<item name="HTTP_ORIGIN">
<value string="https://www.----.com"/>
</item>
</serverVariables>
<form>
<item name="__RequestVerificationToken">
<value string="NfS-jtWU5SbI8M605BxJI9soh5wRn0BSrDoxLUFbwH_rQfwWZ3R60I1h2uPosZOMnhYpcjgh5Mg5tjDDziNKGZBFTVw1"/>
</item>
<item name="UserName">
<value string="----"/>
</item>
<item name="Password">
<value string="----"/>
</item>
<item name="ConfirmPassword">
<value string="----"/>
</item>
<item name="RealName">
<value string="Earl ----"/>
</item>
<item name="Email">
<value string="----@gmail.com"/>
</item>
<item name="Birth">
<value string="1984-05-08"/>
</item>
<item name="PhoneNumber">
<value string="083566----"/>
</item>
<item name="AcceptPolicyAndTerm">
<value string="true"/>
<value string="false"/>
</item>
</form>
<cookies>
<item name="ASP.NET_SessionId">
<value string="1avxrf2rgcawh0nywaed03bd"/>
</item>
</cookies>
</error>
推荐答案
AntiForgeryTokens基于登录用户的姓名事情,所以它会失败,并抛出一个错误。看起来这是你发生了什么,因为它是在登录方法。基本上,将未授权用户的令牌与授权用户的预期令牌值进行比较。
AntiForgeryTokens are based on the logged in user's name among other things so it will fail and throw an error. It looks like this is what is happening to you since it is on the Login method. Basically, a token for unauthorized user is compared to an authorized user's expected token value.
您可能必须从登录页面中删除防伪令牌。
You may have to remove the antiforgery token from the login page. There have been a ton of long drawn out discussions about the topic and no one can come to a consensus.
以下是其中的几个:
这篇关于所需的反伪造cookie“_ RequestVerificationToken”不存在。 MVC 5的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!