我尝试使用带有JSON.stringify的Anti Forgery令牌,我检查了很多网站,但我没有成功。这是我的ajax代码删除一些信息没有任何问题。现在我添加防伪标记,我不知道如何更改我的ajax代码以正常工作。我还将ValidateAntiForgeryToken添加到我的操作中。
<script src="../../Scripts/jquery-1.8.3.js"></script>
<script src="../../Scripts/jquery-ui-1.9.2.custom.js"></script>
<script>
$(function () {
$(":checkbox").change(function () {
var $this = $(this);
if ($this.is(":checked")) {
$this.closest("tr").addClass("SlectedtRow");
} else {
$this.closest("tr").removeClass("SlectedtRow");
}
})
var tittle = '';
var url = '';
$("#dialog").dialog({
autoOpen: false,
width: 400,
modal: true,
resizable: false,
buttons: [
{
text: "بلی",
click: function () {
Delete();
$(this).dialog("close");
}
},
{
text: "خیر",
click: function () {
$(this).dialog("close");
}
}
]
});
var IsActive
// Link to open the dialog
$(".insertBtn").click(function (event) {
var IsSelected = false;
var ModalText = " آیا کاربر ";
$('#userForm input:checked').each(function () {
ModalText += this.value + " - "
IsSelected = true;
});
if (IsSelected) {
document.getElementById('ErrorContent').style.display = "none";
ModalText = ModalText.slice(0, -2);
if (this.id == 'DeleteUser') {
ModalText += " حذف گردد "
tittle = 'حذف کاربر'
url = '@Url.Action("DeleteUser", "UserManagement")';
}
else if (this.id == 'InActiveUser') {
ModalText += " غیر فعال گردد "
tittle = 'تغییر فعالیت کاربر '
url = '@Url.Action("ChangeActiveStatus", "UserManagement")';
IsActive = false;
}
else if (this.id == 'ActiveUser') {
ModalText += " فعال گردد "
tittle = 'تغییر فعالیت کاربر '
url = '@Url.Action("ChangeActiveStatus", "UserManagement")';
IsActive = true;
}
$('#ModalMessgae').text(ModalText);
$("#dialog").dialog("open");
$("#ui-id-1").text(tittle);
event.preventDefault();
} })
function Delete() {
var list = [];
$('#userForm input:checked').each(function () {
list.push(this.id);
});
var parameters = {};
if (url == '@Url.Action("DeleteUser", "UserManagement")') {
parameters = JSON.stringify(list);
}
else {
parameters = JSON.stringify({ "userId": list, "ISActive": IsActive });
}
$.ajax({
url: url,
type: 'POST',
contentType: 'application/json; charset=utf-8',
dataType: "html",
traditional: true,
data: parameters,
success: function (data, textStatus, jqXHR) {
$('#updateAjax').html(data);
},
error: function (data) {
$('#updateAjax').html(data);
}
}); //end ajax
}
});
</script>
// HTML
@using Common.UsersManagement.Entities;
@model IEnumerable<VwUser>
@{
Layout = "~/Views/Shared/Master.cshtml";
}
<form id="userForm">
<div id="updateAjax">
@Html.AntiForgeryToken()
@if (string.IsNullOrWhiteSpace(ViewBag.MessageResult) == false)
{
<div class="@ViewBag.cssClass">
@Html.Label(ViewBag.MessageResult as string)
</div>
<br />
}
<table class="table" cellspacing="0">
@foreach (VwUser Item in Model)
{
<tr class="@(Item.IsActive ? "tRow" : "Disable-tRow")">
<td class="tbody">
<input type="checkbox" id="@Item.Id" name="selected" value="@Item.FullName"/></td>
<td class="tbody">@Item.FullName</td>
<td class="tbody">@Item.Post</td>
<td class="tbody">@Item.Education</td>
</tr>
}
</table>
</div>
<br />
<br />
@if (!Request.IsAjaxRequest())
{
<div class="btnContainer">
<a href="#" id="DeleteUser" class="insertBtn">delete </a>
<br />
<br />
</div>}
答案 0 :(得分:3)
这可能对某人有帮助。您需要做的就是在jquery和cshtml中的任何地方添加以下行。
jquery的:
var token = $('#userForm input[name="__RequestVerificationToken"]').val();
// ....
//include {__RequestVerificationToken:token} in your json result.
//For example,
JSON.stringify({ __RequestVerificationToken:token, "userId": list, "ISActive": IsActive })
CSHTML:
<form id="userForm">
@Html.AntiForgeryToken()
<div id="updateAjax">
...
</div>
</form>
另外,删除
contentType: "application/json; charset=utf-8"
请阅读以下链接 https://nozzlegear.com/blog/send-and-validate-an-asp-net-antiforgerytoken-as-a-request-header
答案 1 :(得分:2)
默认情况下,AJAX POST不会检查Antiforgerytokens。您可以通过覆盖OnAuthorization来启用它,如下所示:AJAX AntiforgeryToken
答案 2 :(得分:-1)