My controller is throwing the error:

`The required anti-forgery form field "__RequestVerificationToken" is not present.`

But this is exactly what I am doing.

VIEW
```cshtml
@using (Html.BeginForm(new { ReturnUrl = ViewBag.ReturnUrl }))
{
    @Html.AntiForgeryToken()
    @Html.ValidationSummary()
    <fieldset>
        <legend>Log in Form</legend>
        <ol>
            <li>
                @Html.LabelFor(m => m.UserName)
                @Html.TextBoxFor(m => m.UserName)
            </li>
            <li>
                @Html.LabelFor(m => m.Password)
                @Html.PasswordFor(m => m.Password)
            </li>
            <li>
                @Html.LabelFor(m => m.RememberMe)
                @Html.CheckBoxFor(m => m.RememberMe)
            </li>
        </ol>
        @* rest of the form was cut off in the post; closing tags added so the markup is balanced *@
    </fieldset>
}
```
CONTROLLER
```csharp
[AllowAnonymous]
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult Login(LoginModel model, string returnUrl)
{
    if (ModelState.IsValid)
    {
        if (Membership.ValidateUser(model.UserName, model.Password))
        {
            FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);
            return RedirectToCreateUserProfile(model, returnUrl);
        }
        else
        {
            ModelState.AddModelError("", "The user name or password provided is incorrect.");
        }
    }

    // The post was cut off here; the action must return on every path,
    // so the form is redisplayed with the validation errors.
    return View(model);
}
```
Once authenticated, I am redirected to the home page.
Then I click the menu option that shows me the user profile, and I get the error above.
LAYOUT VIEW (showing more code than necessary, in case the JS is what causes the problem)
```cshtml
<!DOCTYPE html>
<html>
<head>
    <title>@ViewBag.Title</title>
    <link href="@Url.Content("~/Content/Site.css")" rel="stylesheet" type="text/css" />
    <link href="@Url.Content("~/Content/kendo/2013.2.918/kendo.common.min.css")" rel="stylesheet" type="text/css" />
    <link href="@Url.Content("~/Content/kendo/2013.2.918/kendo.dataviz.min.css")" rel="stylesheet" type="text/css" />
    <link href="@Url.Content("~/Content/kendo/2013.2.918/kendo.metro.min.css")" rel="stylesheet" type="text/css" />
    <link href="@Url.Content("~/Content/kendo/2013.2.918/kendo.dataviz.metro.min.css")" rel="stylesheet" type="text/css" />
    <script src="@Url.Content("~/Scripts/kendo/2013.2.918/jquery.min.js")"></script>
    <script src="@Url.Content("~/Scripts/kendo/2013.2.918/kendo.all.min.js")"></script>
    <script src="@Url.Content("~/Scripts/kendo/2013.2.918/kendo.aspnetmvc.min.js")"></script>
    <script src="@Url.Content("~/Scripts/kendo.modernizr.custom.js")"></script>
    <script type="text/javascript">
        var _gaq = _gaq || [];
        var pluginUrl =
            '//www.google-analytics.com/plugins/ga/inpage_linkid.js';
        _gaq.push(['_require', 'inpage_linkid', pluginUrl]);
        _gaq.push(['_setAccount', 'UA-44529127-1']);
        _gaq.push(['_trackPageview']);
        (function () {
            var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
            ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
            var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
        })();
    </script>
</head>
<body>
    <header>
        <div class="content-wrapper">
            <div class="float-left">
                <p class="site-title">@Html.ActionLink("your logo here", "Index", "Home")</p>
            </div>
            <div class="float-right">
                <section id="login">
                    @Html.Partial("_LoginPartial")
                </section>
                <nav>
                    <ul id="menu">
                        <li>@Html.ActionLink("Home", "Index", "Home")</li>
                        <li>@Html.ActionLink("About", "About", "Home")</li>
                        <li>@Html.ActionLink("Contact", "Contact", "Home")</li>
                        @if (User.IsInRole("Admin"))
                        {
                            <li>@Html.ActionLink("API", "Index", "Help", new { area = "" }, null)</li>
                        }
                    </ul>
                </nav>
            </div>
        </div>
    </header>
    <div id="body">
        @if (Request.IsAuthenticated)
        {
            <ul id="IndexHomeMenu">
                @if (User.IsInRole("Admin"))
                {
                    <li>
                        Administration@*@Html.ActionLink("Administration", "Contact", "Home")*@
                        <ul>
                            <li>@Html.ActionLink("Manage Roles", "Index", "AdminView")</li>
                            <li>@Html.ActionLink("Manage Users", "Contact", "Home")</li>
                            <li>@Html.ActionLink("Inactive Reasons", "Index", "InactiveReasonView")</li>
                        </ul>
                    </li>
                }
                <li>
                    My Information
                    <ul>
                        <li>@Html.ActionLink("Profile", "EditByName", "UserView", new { UserName = User.Identity.Name }, new { @class = "selected" })</li>
                        <li>@Html.ActionLink("Phone Numbers", "Active", "PhoneNumberView", new { userName = User.Identity.Name }, null)</li>
                        <li>@Html.ActionLink("Address's", "Active", "AddressView", new { userName = User.Identity.Name }, null)</li>
                        @if (!User.IsInRole("Clients"))
                        {
                            <li>@Html.ActionLink("Subscription", "Index", "AdminView")</li>
                        }
                    </ul>
                    @* the layout was cut off here in the post; closing tags added so the markup is balanced *@
                </li>
            </ul>
        }
    </div>
</body>
</html>
```
I click it.
CONTROLLER
```csharp
[ValidateAntiForgeryToken]
public ActionResult EditByName(string userName) // EditByName
{
    if (User.Identity.IsAuthenticated)
    {
        UserModel usermodel = repository.Get(User.Identity.Name); // db.UserModels.Find(id);
        if (usermodel == null)
        {
            // The post passed the bare string User.Identity.Name as the routeValues argument,
            // which would expose the string's properties as route values; wrap it in an object.
            return RedirectToAction("Create", "UserView", new { userName = User.Identity.Name });
        }
        return View(usermodel);
    }
    else
    {
        return RedirectToAction("Login", controllerName: "AccountView");
    }
}
```
This is when the error occurs. I do not know what is missing; I am creating the token and it is on all the forms.
Answer 0 (score: 2)
You are using [ValidateAntiForgeryToken] on a GET action (the EditByName action), whereas it is meant for POST actions.
See this question and article on the purpose of [ValidateAntiForgeryToken] and how to use it to prevent CSRF attacks.
Answer 1 (score: 1)
Remove [ValidateAntiForgeryToken] from the EditByName GET action method.
Also, use the [Authorize] attribute instead of if (User.Identity.IsAuthenticated).
Can any user edit any profile as long as they know the user name?
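The controller shape both answers point at, as an added example (not the poster's code): [Authorize] replaces the manual IsAuthenticated check, [ValidateAntiForgeryToken] sits only on the POST that the form actually submits, and both actions load the record by User.Identity.Name rather than the userName route value, which answers the profile-editing concern in the last answer. IUserRepository, Save and DisplayName are assumed names.

```csharp
using System.Web.Mvc;

[Authorize] // unauthenticated requests are redirected to the login page by the framework
public class UserViewController : Controller
{
    private readonly IUserRepository repository; // hypothetical repository abstraction

    public UserViewController(IUserRepository repository)
    {
        this.repository = repository;
    }

    // GET /UserView/EditByName?userName=...
    // No anti-forgery check here: the menu link sends no form fields, so the hidden
    // __RequestVerificationToken can never be present on a GET and validation would always fail.
    [HttpGet]
    public ActionResult EditByName(string userName)
    {
        // The query-string userName is ignored; the record shown is always the caller's own,
        // so knowing another user's name does not open that user's profile.
        UserModel usermodel = repository.Get(User.Identity.Name);
        if (usermodel == null)
        {
            return RedirectToAction("Create", "UserView");
        }
        return View(usermodel);
    }

    // POST /UserView/EditByName
    // The form rendered by the GET includes @Html.AntiForgeryToken(), so the token
    // is present in Request.Form and can be validated against the cookie half.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult EditByName(UserModel model)
    {
        if (!ModelState.IsValid)
        {
            return View(model);
        }
        // Same rule on the write path: update the caller's own record regardless of
        // whatever UserName the posted model claims.
        UserModel current = repository.Get(User.Identity.Name);
        if (current == null)
        {
            return HttpNotFound();
        }
        current.DisplayName = model.DisplayName; // hypothetical editable field
        repository.Save(current);                // hypothetical persistence call
        return RedirectToAction("EditByName");
    }
}
```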