zoukankan      html  css  js  c++  java
  • How can I supply an AntiForgeryToken when posting JSON data using $.ajax?

    How can I supply an AntiForgeryToken when posting JSON data using $.ajax?

    回答1

    You don't need the ValidationHttpRequestWrapper solution since MVC 4. According to this link.

    1. Put the token in the headers.
    2. Create a filter.
    3. Put the attribute on your method.

    Here is my solution:

    var token = $('input[name="__RequestVerificationToken"]').val();
    var headers = {};
    headers['__RequestVerificationToken'] = token;
    $.ajax({
        type: 'POST',
        url: '/MyTestMethod',
        contentType: 'application/json; charset=utf-8',
        headers: headers,
        data: JSON.stringify({
            Test: 'test'
        }),
        dataType: "json",
        success: function () {},
        error: function (xhr) {}
    });
    [AttributeUsage(AttributeTargets.Method | AttributeTargets.Class, AllowMultiple = false, Inherited = true)]
    public class ValidateJsonAntiForgeryTokenAttribute : FilterAttribute, IAuthorizationFilter
    {
        public void OnAuthorization(AuthorizationContext filterContext)
        {
            if (filterContext == null)
            {
                throw new ArgumentNullException("filterContext");
            }
    
            var httpContext = filterContext.HttpContext;
            var cookie = httpContext.Request.Cookies[AntiForgeryConfig.CookieName];
            AntiForgery.Validate(cookie != null ? cookie.Value : null, httpContext.Request.Headers["__RequestVerificationToken"]);
        }
    }
    
    
    [HttpPost]
    [AllowAnonymous]
    [ValidateJsonAntiForgeryToken]
    public async Task<JsonResult> MyTestMethod(string Test)
    {
        return Json(true);
    }

    回答2

    What is wrong is that the controller action that is supposed to handle this request and which is marked with the [ValidateAntiForgeryToken] expects a parameter called __RequestVerificationToken to be POSTed along with the request.

    There's no such parameter POSTed as you are using JSON.stringify(data) which converts your form to its JSON representation and so the exception is thrown.

    So I can see two possible solutions here:

    Number 1: Use x-www-form-urlencoded instead of JSON for sending your request parameters:

    data["__RequestVerificationToken"] = $('[name=__RequestVerificationToken]').val();
    data["fiscalyear"] = fiscalyear;
    // ... other data if necessary
    
    $.ajax({
        url: url,
        type: 'POST',
        context: document.body,
        data: data,
        success: function() { refresh(); }
    });

    Number 2: Separate the request into two parameters:

    data["fiscalyear"] = fiscalyear;
    // ... other data if necessary
    var token = $('[name=__RequestVerificationToken]').val();
    
    $.ajax({
        url: url,
        type: 'POST',
        context: document.body,
        data: { __RequestVerificationToken: token, jsonRequest: JSON.stringify(data) },
        success: function() { refresh(); }
    });

    So in all cases you need to POST the __RequestVerificationToken value.

  • 相关阅读:
    经典排序算法之直接选择排序
    经典排序算法之归并排序
    经典排序算法之希尔排序
    MAC自带的SVN进行升级
    磁盘随机读写与顺序读写性能对比
    事务锁与脏读、不可重复读、幻读
    处理vue页面406问题纪要
    url-pattern / 与/* 的区别
    打印 request 请求中的参数
    [转] Slf4j MDC机制
  • 原文地址:https://www.cnblogs.com/chucklu/p/13713952.html
Copyright © 2011-2022 走看看