
Anti Forgery Token and Ajax JSON.stringify Post Does not Work

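I am trying to use an anti-forgery token together with JSON.stringify, and I have checked many sites without success. This is my ajax code, which deletes some information without any problem. Now I have added the anti-forgery token and I don't know how to change my ajax code so that it works properly. I have also added ValidateAntiForgeryToken to my action.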

<script src="../../Scripts/jquery-1.8.3.js"></script>
<script src="../../Scripts/jquery-ui-1.9.2.custom.js"></script>
    <script>
        $(function () {
            $(":checkbox").change(function () {
                var $this = $(this);
                if ($this.is(":checked")) {
                    $this.closest("tr").addClass("SlectedtRow");
                } else {
                    $this.closest("tr").removeClass("SlectedtRow");
                }
            })
            var tittle = '';
            var url = '';
            $("#dialog").dialog({
                autoOpen: false,
                width: 400,
                modal: true,
                resizable: false,
                buttons: [
                    {
                        text: "بلی",
                        click: function () {
                            Delete();
                            $(this).dialog("close");
                        }
                    },
                    {
                        text: "خیر",
                        click: function () {
                            $(this).dialog("close");
                        }
                    }
                ]
            });
            var IsActive
            // Link to open the dialog
            $(".insertBtn").click(function (event) {

                var IsSelected = false;
                var ModalText = "  آیا کاربر ";
                $('#userForm input:checked').each(function () {
                    ModalText += this.value + " - "
                    IsSelected = true;

                });

                if (IsSelected) {
                    document.getElementById('ErrorContent').style.display = "none";
                    ModalText = ModalText.slice(0, -2);
                    if (this.id == 'DeleteUser') {
                        ModalText += " حذف گردد  "
                        tittle = 'حذف کاربر'
                        url = '@Url.Action("DeleteUser", "UserManagement")';
                    }
                    else if (this.id == 'InActiveUser') {
                        ModalText += " غیر فعال گردد  "
                        tittle = 'تغییر فعالیت کاربر '
                        url = '@Url.Action("ChangeActiveStatus", "UserManagement")';
                        IsActive = false;
                    }
                    else if (this.id == 'ActiveUser') {
                        ModalText += "  فعال گردد  "
                        tittle = 'تغییر فعالیت کاربر '
                        url = '@Url.Action("ChangeActiveStatus", "UserManagement")';
                        IsActive = true;
                    }
                    $('#ModalMessgae').text(ModalText);

                    $("#dialog").dialog("open");
                    $("#ui-id-1").text(tittle);
                    event.preventDefault();
                }
            })

            function Delete() {
                var list = [];
                $('#userForm input:checked').each(function () {
                    list.push(this.id);

                });
                var parameters = {};
                if (url == '@Url.Action("DeleteUser", "UserManagement")') {
                    parameters = JSON.stringify(list);
                }
                else {
                    parameters = JSON.stringify({ "userId": list, "ISActive": IsActive });
                }
                $.ajax({
                    url: url,
                    type: 'POST',
                    contentType: 'application/json; charset=utf-8',
                    dataType: "html",
                    traditional: true,
                    data: parameters,
                    success: function (data, textStatus, jqXHR) {
                        $('#updateAjax').html(data);
                    },
                    error: function (jqXHR) {
                        // The first argument of the error callback is the jqXHR object,
                        // so render its response body rather than the object itself.
                        $('#updateAjax').html(jqXHR.responseText);
                    }
                });   //end ajax
            }
        });
    </script>

// HTML

@using Common.UsersManagement.Entities;
@model IEnumerable<VwUser>
@{
    Layout = "~/Views/Shared/Master.cshtml";
}

    <form id="userForm">
        <div id="updateAjax">
@Html.AntiForgeryToken()
            @if (string.IsNullOrWhiteSpace(ViewBag.MessageResult) == false)
            {
                <div class="@ViewBag.cssClass">
                    @Html.Label(ViewBag.MessageResult as string)
                </div>
                <br />
            }
            <table class="table" cellspacing="0">
                @foreach (VwUser Item in Model)
                {   
                    <tr class="@(Item.IsActive ? "tRow" : "Disable-tRow")">
                        <td class="tbody">
                            <input type="checkbox" id="@Item.Id" name="selected"  value="@Item.FullName"/></td>
                        <td class="tbody">@Item.FullName</td>
                        <td class="tbody">@Item.Post</td>
                        <td class="tbody">@Item.Education</td>
                    </tr>
                }
            </table>
        </div>
        <br />
        <br />
    @if (!Request.IsAjaxRequest())
    {
        <div class="btnContainer">
            <a href="#" id="DeleteUser" class="insertBtn">delete  </a>
            <br />
            <br />
        </div>}

This may help someone. All you need to do is add the following lines to your jQuery and cshtml in the appropriate places.

jQuery:

var token = $('#userForm input[name="__RequestVerificationToken"]').val();

// ....
//include {__RequestVerificationToken:token} in your json result. 
//For example,

JSON.stringify({ __RequestVerificationToken:token, "userId": list, "ISActive": IsActive })

CSHTML:

<form id="userForm"> 
@Html.AntiForgeryToken()
        <div id="updateAjax">
    ...
</div>
</form>

Also, remove

contentType: "application/json; charset=utf-8"

Please read the following link: https://nozzlegear.com/blog/send-and-validate-an-asp-net-antiforgerytoken-as-a-request-header

By default, an AJAX POST does not check the anti-forgery token. You can enable it by overriding OnAuthorization, as shown here: AJAX AntiforgeryToken

Wow, here is a complete solution with additional information: http://weblogs.asp.net/dixin/anti-forgery-request-recipes-for-asp-net-mvc-and-ajax
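
The two request shapes the answers above point at, as an added example that is not part of the original posts: the token sent as a posted form field, and the token sent in a request header next to a JSON body. The header name `RequestVerificationToken`, the URL and the sample values are assumptions; the header variant only validates if the server has a custom filter that reads that header.

```javascript
// Added example, not code from the original posts.
const FIELD = "__RequestVerificationToken"; // field name used in the answer's selector
const HEADER = "RequestVerificationToken";  // assumed name; must match the server filter

// Shape 1: form-encoded body. ASP.NET MVC's [ValidateAntiForgeryToken] reads the
// token from the posted form fields, so it must travel as a field, not inside JSON.
function formPost(url, token, fields) {
  if (!token) throw new Error("anti-forgery token missing from the form");
  const body = new URLSearchParams();
  body.append(FIELD, token);
  for (const [name, value] of Object.entries(fields)) {
    // Repeat the key for arrays (jQuery "traditional" style) so a list can be bound.
    for (const v of Array.isArray(value) ? value : [value]) body.append(name, String(v));
  }
  return {
    url, type: "POST",
    contentType: "application/x-www-form-urlencoded; charset=UTF-8",
    data: body.toString(),
  };
}

// Shape 2: keep the JSON body and carry the token in a header. The stock
// attribute does not read headers; a server-side filter has to validate it.
function jsonPost(url, token, payload) {
  if (!token) throw new Error("anti-forgery token missing from the form");
  return {
    url, type: "POST",
    contentType: "application/json; charset=utf-8",
    headers: { [HEADER]: token },
    data: JSON.stringify(payload),
  };
}

// Constructed sample values (not taken from the page).
const sampleToken = "constructed-token-value";
const samplePayload = { userId: ["7", "12"], ISActive: false };
const asForm = formPost("/UserManagement/ChangeActiveStatus", sampleToken, samplePayload);
const asJson = jsonPost("/UserManagement/ChangeActiveStatus", sampleToken, samplePayload);
console.log(asForm.data);
console.log(asJson.headers, asJson.data);
```

In the page's script, the token would come from `$('#userForm input[name="__RequestVerificationToken"]').val()` and the returned object would be passed to `$.ajax(...)` together with the existing `success` and `error` handlers.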
