MVC4 Jquery ajax请求头AntiForgery.Validate提供的防伪令牌适用于用户“”,但当前用户是“UserName”

时间:2013-10-01 16:28:28

标签: jquery asp.net-mvc-4 asp.net-web-api antiforgerytoken

我使用的是Asp.net MVC4 Jquery ajax,我正在使用请求标头传递令牌......

这里的例外情况是:提供的防伪令牌适用于用户“”,但当前用户是“UserName”。

我试过这里的回答Anti forgery token is meant for user "" but the current user is "username" 第三种解决方案却无法成功..

请任何人帮助我如何按照上面给出的答案实现前2个步骤...

或任何其他解决方案,请告诉我......

//视图

<script type="text/javascript">

    var JsTokenHeaderValue = '@Utils.TokenHeaderValue()';

</script>

// Antivalidationforgery令牌:

private Task<HttpResponseMessage> ValidateAntiForgeryToken(HttpActionContext actionContext, CancellationToken cancellationToken, Func<Task<HttpResponseMessage>> continuation)
        {
            try
            {
                string cookieToken = "";
                string formToken = "";
                IEnumerable<string> tokenHeaders;
                if (actionContext.Request.Headers.TryGetValues("RequestVerificationToken", out tokenHeaders))
                {
                    string[] tokens = tokenHeaders.First().Split(':');
                    if (tokens.Length == 2)
                    {
                        cookieToken = tokens[0].Trim();
                        formToken = tokens[1].Trim();
                    }
                }
                AntiForgery.Validate(cookieToken, formToken);
            }
            catch (System.Web.Mvc.HttpAntiForgeryException exception)
            {

                ErrorLogDA.LogException(exception);

                actionContext.Response = new HttpResponseMessage
                {
                    StatusCode = HttpStatusCode.BadRequest,
                    RequestMessage = actionContext.ControllerContext.Request
                };
                return FromResult(actionContext.Response);
            }
            return continuation();
        }

我在这里更新我的问题令牌是由于会员级,用户在没有登录的情况下获得身份验证。在我的情况下我第一次做页面加载然后Cookies获取值null和第二次页面加载cookie从一些获取值其中.ASPXAUTH ..这就是为什么令牌问题可能..这里是标题的控制器方法..

//标题部分 - 控制器

 public ActionResult UCHeader()
        {
            try
            {

                var ViewLogOnModel = new LogOnModel();

                HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
                if (authCookie == null)
                {
                    ViewLogOnModel.LoggedInUserId = Guid.Empty;
                    return PartialView("UCHeader", ViewLogOnModel);
                }

                //Is Authenticated..
                if (User.Identity.IsAuthenticated == true)
                {
                    if (User.Identity.AuthenticationType == "Forms")
                    {
                        MembershipUser memberUser = Common.Utils.GetLoggedinUserInfo(this.User.Identity.Name);

                        if (memberUser != null)
                        {
                            Guid userId = (Guid)memberUser.ProviderUserKey;

                            ViewLogOnModel.LoggedInUserId = userId;

                            ViewLogOnModel.UserEmail = this.User.Identity.Name;

                            return PartialView("UCHeader", ViewLogOnModel);
                        }
                        else
                        {

                            ViewLogOnModel.LoggedInUserId = Guid.Empty;
                            return PartialView("UCHeader", ViewLogOnModel);
                        }
                    }
                    else
                    {

                        ViewLogOnModel.LoggedInUserId = Guid.Empty;
                        return PartialView("UCHeader", ViewLogOnModel);
                    }

                }
                else
                {

                    ViewLogOnModel.LoggedInUserId = Guid.Empty;
                    return PartialView("UCHeader", ViewLogOnModel);
                }


            }
            catch (Exception ex)
            {
                ErrorLogDA.LogException(ex);
                Response.Redirect("~/ErrorUiLog/Index", false);
            }

            return null;
        }

0 个答案:

没有答案
相关问题
最新问题