堆栈内存溢出
  简体   繁体   English

$ .post上没有必填的防伪表单字段“ __RequestVerificationToken”

[英]The required anti-forgery form field “__RequestVerificationToken” is not present on $.post

 原文  2017-11-13 09:00:18       jquery/ asp.net/ ajax/ antiforgerytoken

问题描述

Currently I am having a problem with my AntiForgeryToken not being present in my post call but for all I know, it is actually there. 目前,我的帖子中没有显示我的AntiForgeryToken的问题,但据我所知,它实际上在那里。

Since I don't use a form to get the data from my HTML but just input fields I made a empty form on the bottom of my page using: 由于我不使用表单从HTML中获取数据,而只是使用输入字段,因此我使用以下命令在页面底部制作了一个空表单: 

@using (Html.BeginForm(null, null, FormMethod.Post, new { id = 
"__AjaxAntiForgeryForm" }))
{
    @Html.AntiForgeryToken()
}

This results in a AntiForgeryToken that I can get using jQuery. 这导致了我可以使用jQuery获得的AntiForgeryToken。

so in my Javascript I do: 所以在我的JavaScript中,我这样做: 

                        var LoginData = {
                            EmailAddress: currentMail,
                            Password: password
                        }
                        var form = $('#__AjaxAntiForgeryForm');
                        var token = $('input[name="__RequestVerificationToken"]', form).val();

                        data = {
                            __RequestVerificationToken: token,
                            LoginData: LoginData
                        }

                        $.post(window.location,
                            {
                                scController: '*Controller*',
                                scAction: 'ValidateLogin',
                                data: data
                            }).done(function (d, e) { 
                                console.log("done");
                                console.log(d);
                                console.log(e);
                            }).fail(function (d, e) {
                                console.log("error");
                                console.log(d);
                                console.log(e);
                            });

The data object that I create results in: 我创建的数据对象导致: 

{LoginData: {EmailAddress: "********", Password: "*******"}, __RequestVerificationToken: "Imagine a token here"}

And then my controller action: 然后我的控制器动作: 

    [HttpPost]
    [ValidateAntiForgeryToken]
    public ResultMessage ValidateLogin(LoginData login)
    {
        return _userRepository.Login(login);
    }

For some reason when I try to do this post I get this error: 由于某些原因,当我尝试执行此文章时,出现此错误:

"The required anti-forgery form field "__RequestVerificationToken" is not present." “不存在必需的反伪造表单字段“ __RequestVerificationToken”。”

What am I doing wrong? 我究竟做错了什么?

EDIT 1: I see that the __RequestVerificationToken in the Cookie header is different than the one I send with the data. 编辑1:我看到Cookie头中的__RequestVerificationToken与我随数据发送的__RequestVerificationToken不同。 How can this be? 怎么会这样?

2 个解决方案

解决方案1
 0  2017-11-13 09:14:24

As stated here https://docs.microsoft.com/en-us/aspnet/web-api/overview/security/preventing-cross-site-request-forgery-csrf-attacks , when used with ajax, the anti-forgery token must be sent in the headers like this: 如此处所述https://docs.microsoft.com/en-us/aspnet/web-api/overview/security/preventing-cross-site-request-forgery-csrf-attacks与ajax一起使用时,防伪必须在标头中发送令牌,如下所示: 

$.ajax("api/values", {
    type: "post",
    contentType: "application/json",
    data: {  }, // JSON data goes here
    dataType: "json",
    headers: {
        'RequestVerificationToken': <Token>
    }
});

解决方案2
 0  2019-09-04 05:33:30

Here is my step-by-step approach on this issue. 这是我在此问题上的分步方法。 I am using angularJS, jquery, ASP.NET MVC 5 https://stackoverflow.com/a/57781976/2508781 我正在使用angularJS,jquery,ASP.NET MVC 5 https://stackoverflow.com/a/57781976/2508781

Use of MVC's AntiForgery.Validate() does the magic of validating the value of antiforgery token here and is wonderful so far. 使用MVC的AntiForgery.Validate()确实可以在这里验证防伪令牌的值,并且到目前为止效果非常好。 Hope this helps! 希望这可以帮助!

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Nopcommerce不存在必需的反伪造表单字段“ __RequestVerificationToken”。” - Nopcommerce The required anti-forgery form field “__RequestVerificationToken” is not present." 所需的防伪表单字段“__RequestVerificationToken”不存在 - The required anti-forgery form field “__RequestVerificationToken” is not present 在ajax调用中不存在必需的反伪造表单字段“ __RequestVerificationToken” - The required anti-forgery form field “__RequestVerificationToken” is not present in ajax call 所需的防伪 cookie“__RequestVerificationToken”不存在 - The required anti-forgery cookie "__RequestVerificationToken" is not present 从ajax方法调用操作将引发错误:所需的防伪表单字段“ __RequestVerificationToken”不存在 - Invoking action from ajax method is throwing an error: The required anti-forgery form field “__RequestVerificationToken” is not present 使用 Ajax 和 Html.AntiForgeryToken() 时,所需的防伪表单字段“__RequestVerificationToken”不存在 - The required anti-forgery form field "__RequestVerificationToken" is not present when using Ajax and Html.AntiForgeryToken() 所需的防伪表单字段__requestverificationtoken不存在ajax调用时出错 - the required anti-forgery form field __requestverificationtoken is not present Error while ajax call asp.net mvc“所需的防伪表单字段”__ RequestVerificationToken“不存在。” - asp.net mvc “The required anti-forgery form field”__RequestVerificationToken“ is not present.” 错误:必填的防伪表单字段“ __RequestVerificationToken”不存在 - error: The required anti-forgery form field &quot;__RequestVerificationToken&quot; is not present 返回JSON 500错误-所需的反伪造表单字段“ __RequestVerificationToken”不存在 - Return JSON 500 error - The required anti-forgery form field “__RequestVerificationToken” is not present
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM