ASP.NET Core（MVC）：无法进入控制器中的Login HttpPost操作

Question

I'm trying to implement a basic (and rather crude) identification, but I can't seem to actually get to the post action in my controller.

I have an Account controller that looks like this:

[Authorize]
public class AccountController : Controller
{
    private ApplicationDbContext _context;

    public AccountController(ApplicationDbContext context)
    {
        _context = context;
    }

    [HttpGet]
    [AllowAnonymous]
    public IActionResult Login()
    {
        return View();
    }

    [HttpPost]
    [ValidateAntiForgeryToken]
    public IActionResult Login(Identity model)
    {
        var t = _context.LoginTable.FirstOrDefault(m => m.UserName == model.UserName);

        if (t == null)
            return View("Signup");

        return View("Index");
    }
}

And my razor view be like this:

@model MyProject.Models.Identity
@{
    ViewData["Title"] = "Login";
    Layout = "~/Views/Shared/_Layout.cshtml";
}

<h2>Login</h2>

<form method="post">
    <div class="form-group">
        @Html.LabelFor(m => m.UserName)
        @Html.TextBoxFor(m => m.UserName, new { @class = "form-control" })
    </div>
    <div class="form-group">
        @Html.LabelFor(m => m.Password)
        @Html.TextBoxFor(m => m.Password, new { @class = "form-control", @type = "password" })
    </div>
    <button type="submit" name="login" value="Login">Login</button>
</form>

And in my startup.cs - the middle-ware is like this:

// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }
    app.UseAuthentication();

    app.UseStaticFiles(); // serve static files (bootstrap, jQuery, css, etc.) first

    app.UseMvc(ConfigureRoutes);


    app.Run(async (context) =>
    {
        await context.Response.WriteAsync("Hello World!");
    });
}

When I click the submit button - in debug mode I see I do hit the GET method, but not the POST.

What did I miss?

EDIT: Another thing that might be in use, is that every time I try to submit the login form, the url is added with another account%...login%... ie 1st time:

http://localhost:64191/Account/Login?ReturnUrl=%2F

2nd time:

http://localhost:64191/Account/Login?ReturnUrl=%2FAccount%2FLogin%3FReturnUrl%3D%252F

etc.

Answer 1

Edit - Yeah... I was wrong about [FromBody]

See comments. Turns out that the authorization controller needs to be open. So, removing the [Authorize] filter on the controller allows the POST to reach the action inside of that controller.

When that filter was in place, the POST hits that filter, checks to see if the user is authorized, and then redirects them to the GET before the user ever reaches the POST action.

Glad that worked. Leaving the other answer in place below (a) to keep myself honest (original answer was wrong) and (b) in case someone else runs into that common problem...

Original [FromBody] answer

Try adding [FromBody] in front of the model, so mvc knows you want to pull that model from the post body.

[HttpPost]
[ValidateAntiForgeryToken]
public IActionResult Login([FromBody] Identity model) {
    ... etc ....
}

Its a really common miss with my dev team (especially converting from older .net apps).

Answer 2

[HttpPost]
[ValidateAntiForgeryToken]
public IActionResult Login(Identity model)

Here you request the AntiForgeryToken but you don't provide it in your view. You need to add it inside the form.

<form method="post">
    @Html.AntiForgeryToken()
    ...
</form>

You can also make this automatically by adding a filter to mvc option:

services.AddMvc(options =>
            {
                options.Filters.Add(new AutoValidateAntiforgeryTokenAttribute());

            });

Your action from the controller will look like this:

[HttpPost]
public IActionResult Login(Identity model)

And the view:

<form method="post">
    ...
</form>

Also the HttpGet action has [AllowAnonymous] attribute, the HttpPost action should have it too.