[英]ASP.NET Core Web - The required antiforgery cookie “.AspNetCore.Antiforgery.wRFSYju6cwY” is not present
I created a new ASP.NET Core 2.0 Web Application project in VS 2017 (Community v15.6.6), in the New project wizard I selected the Web Application + Authentication: Individual User Accounts. 我在VS 2017(社区v15.6.6)中创建了一个新的ASP.NET Core 2.0 Web应用程序项目,在“新建”项目向导中,我选择了“ Web应用程序+身份验证:单个用户帐户”。 I ran the Update-Database in the PM, to create db.
我在PM中运行Update-Database,以创建数据库。 Then I ran the application in VS in IIS Express, I registered a new user and I logged in. Everything worked fine.
然后,我在IIS Express中的VS中运行该应用程序,注册了一个新用户并登录。一切正常。
Then I stopped the application and ran it not in IIS Express but I used the second launch profile, configured in the launchSettings.json: 然后,我停止了该应用程序,并没有在IIS Express中运行它,而是使用了在launchSettings.json中配置的第二个启动配置文件:
"profiles": {
"TestCoreWebApp": {
"commandName": "Project",
"launchBrowser": true,
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
},
"applicationUrl": "http://localhost:63090/"
}
Application launched and open a web browser with the home page. 应用程序启动并打开带有主页的Web浏览器。 Now when I try to login, it doesn't work.
现在,当我尝试登录时,它不起作用。 It ends with the http 400 error.
它以http 400错误结束。
In output I see the following error: 在输出中,我看到以下错误:
Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The required antiforgery cookie ".AspNetCore.Antiforgery.wRFSYju6cwY" is not present.
at Microsoft.AspNetCore.Antiforgery.Internal.DefaultAntiforgery.<ValidateRequestAsync>d__9.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Mvc.ViewFeatures.Internal.ValidateAntiforgeryTokenAuthorizationFilter.<OnAuthorizationAsync>d__3.MoveNext()
Please can anyone explain me why it doesn't work the same way as in the IIS Express profile? 请谁能向我解释为什么它不能与IIS Express配置文件中的方式相同? Is it a bug?
是虫子吗?
The IIS Express profile is running on HTTPS, but the other profile is running on HTTP. IIS Express配置文件在HTTPS上运行,但是另一个配置文件在HTTPS上运行。 Does this difference play a role in the described behaviour?
这种差异是否在描述的行为中起作用?
Many thanks. 非常感谢。 Filip
菲利普
This has tripped me up too many times to count, as I normally start with an empty web project template. 由于我通常从一个空的Web项目模板开始,这使我绊倒了太多次了。
You are likely missing the _ViewImports.cshtml
file, or the following line within it (which enables the built-in tag helpers, ie the auto-injected csrf): 您可能会丢失
_ViewImports.cshtml
文件或其中的以下行(这将启用内置的标记帮助程序,即自动注入的csrf):
@addTagHelper *, Microsoft.AspNetCore.Mvc.TagHelpers
I also create the same project in the same version but i'am not create the database, because when you add new user the entity framework check and create the database 我还以相同的版本创建了相同的项目,但是我没有创建数据库,因为当您添加新用户时,实体框架会检查并创建数据库
try to create new user and late the EF create the database. 尝试创建新用户,并在EF以后创建数据库。
I had a similar problem using an Identity Server 4 / Identity Management project with Asp Net core 2.0 and an Asp Net Core 2.0 API project, both using SSL and running using IIS. 使用带有ASP并运行IIS的Identity Server 4 /身份管理项目和Asp Net core 2.0和Asp Net Core 2.0 API项目时,我遇到了类似的问题。
For the development environment, I changed to run without SSL and using Kestrel and the error "required anti-forgery cookie .AspNetCore.Antiforgery.wRFSYju6cwY” was shown. 对于开发环境,我更改为不使用SSL并使用Kestrel来运行,并显示错误“必需的防伪cookie .AspNetCore.Antiforgery.wRFSYju6cwY”。
When I cleaned the Cookies (in all browsers) everything started to work properly, I hope this helps you. 当我清理了Cookies(在所有浏览器中)后,一切开始正常运行,希望对您有所帮助。
尝试将@Html.AntiForgeryToken()
插入到您的登录视图中(在表单内部)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.