所需的防伪cookie“__RequestVerificationToken”不存在。 MVC 5

时间:2015-06-22 02:10:56

标签: asp.net-mvc cookies

“所需的防伪 cookie "__RequestVerificationToken" 不存在。”

用户尝试注册时,这个错误偶尔(很少)出现。

我正在使用Elmah跟踪器。来自客户端的数据具有表单字段“__RequestVerificationToken”。

我找不到原因。请查看以下数据。

提前致谢。

<error application="/LM/W3SVC/3/ROOT" host="N816A" type="System.Web.Mvc.HttpAntiForgeryException" message="The required anti-forgery cookie "__RequestVerificationToken" is not present." source="System.Web.WebPages" detail="System.Web.Mvc.HttpAntiForgeryException (0x80004005): The required anti-forgery cookie "__RequestVerificationToken" is not present.
 at System.Web.Helpers.AntiXsrf.TokenValidator.ValidateTokens(HttpContextBase httpContext, IIdentity identity, AntiForgeryToken sessionToken, AntiForgeryToken fieldToken)
 at System.Web.Helpers.AntiXsrf.AntiForgeryWorker.Validate(HttpContextBase httpContext)
 at System.Web.Mvc.ControllerActionInvoker.InvokeAuthorizationFilters(ControllerContext controllerContext, IList`1 filters, ActionDescriptor actionDescriptor)
 at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass21.<BeginInvokeAction>b__19(AsyncCallback asyncCallback, Object asyncState)" time="2015-06-20T10:35:41.3420000Z" statusCode="500">
<serverVariables>
<!-- Server variables the error logger captured for the failing request: a POST to /Account/Register over HTTPS (see REQUEST_METHOD, PATH_INFO and HTTPS below). -->
<!-- ALL_HTTP and ALL_RAW list the request headers. Neither shows a Cookie header, and there is no HTTP_COOKIE item further down. -->
<!-- NOTE(review): that would be consistent with the browser sending no cookies on this request; confirm the poster did not trim the dump. -->
<item name="ALL_HTTP">
<value string="HTTP_CONNECTION:keep-alive
 HTTP_CONTENT_LENGTH:328
 HTTP_CONTENT_TYPE:application/x-www-form-urlencoded
 HTTP_ACCEPT:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
 HTTP_ACCEPT_ENCODING:gzip, deflate
 HTTP_ACCEPT_LANGUAGE:en-us
 HTTP_HOST:www.----.com
 HTTP_REFERER:https://www.----.com/Account/Login
 HTTP_USER_AGENT:Mozilla/5.0 (iPad; CPU OS 8_3 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12F69 Safari/600.1.4
 HTTP_ORIGIN:https://www.----.com
 "/>
</item>
<item name="ALL_RAW">
<value string="Connection: keep-alive
 Content-Length: 328
 Content-Type: application/x-www-form-urlencoded
 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
 Accept-Encoding: gzip, deflate
 Accept-Language: en-us
 Host: www.----.com
 Referer: https://www.----.com/Account/Login
 User-Agent: Mozilla/5.0 (iPad; CPU OS 8_3 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12F69 Safari/600.1.4
 Origin: https://www.----.com
 "/>
</item>
<item name="APPL_MD_PATH">
<value string="/LM/W3SVC/3/ROOT"/>
</item>
<item name="APPL_PHYSICAL_PATH">
<value string="D:\WebSite\----\"/>
</item>
<!-- AUTH_TYPE, AUTH_USER, LOGON_USER and REMOTE_USER are all empty: no authenticated user is recorded for this request. -->
<item name="AUTH_TYPE">
<value string=""/>
</item>
<item name="AUTH_USER">
<value string=""/>
</item>
<item name="AUTH_PASSWORD">
<value string="*****"/>
</item>
<item name="LOGON_USER">
<value string=""/>
</item>
<item name="REMOTE_USER">
<value string=""/>
</item>
<item name="CERT_COOKIE">
<value string=""/>
</item>
<item name="CERT_FLAGS">
<value string=""/>
</item>
<item name="CERT_ISSUER">
<value string=""/>
</item>
<item name="CERT_KEYSIZE">
<value string="128"/>
</item>
<item name="CERT_SECRETKEYSIZE">
<value string="2048"/>
</item>
<item name="CERT_SERIALNUMBER">
<value string=""/>
</item>
<item name="CERT_SERVER_ISSUER">
<value string="C=GB, S=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO SSL CA"/>
</item>
<item name="CERT_SERVER_SUBJECT">
<value string="OU=Domain Control Validated, OU="Hosted by Korea Information Certificate Authority, Inc.", OU=COMODO SSL, CN=www.----.com"/>
</item>
<item name="CERT_SUBJECT">
<value string=""/>
</item>
<item name="CONTENT_LENGTH">
<value string="328"/>
</item>
<item name="CONTENT_TYPE">
<value string="application/x-www-form-urlencoded"/>
</item>
<item name="GATEWAY_INTERFACE">
<value string="CGI/1.1"/>
</item>
<item name="HTTPS">
<value string="on"/>
</item>
<item name="HTTPS_KEYSIZE">
<value string="128"/>
</item>
<item name="HTTPS_SECRETKEYSIZE">
<value string="2048"/>
</item>
<item name="HTTPS_SERVER_ISSUER">
<value string="C=GB, S=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO SSL CA"/>
</item>
<item name="HTTPS_SERVER_SUBJECT">
<value string="OU=Domain Control Validated, OU="Hosted by Korea Information Certificate Authority, Inc.", OU=COMODO SSL, CN=www.----.com"/>
</item>
<item name="INSTANCE_ID">
<value string="3"/>
</item>
<item name="INSTANCE_META_PATH">
<value string="/LM/W3SVC/3"/>
</item>
<item name="LOCAL_ADDR">
<value string="10.57.14.250"/>
</item>
<item name="PATH_INFO">
<value string="/Account/Register"/>
</item>
<item name="PATH_TRANSLATED">
<value string="D:\WebSite\----\Account\Register"/>
</item>
<item name="QUERY_STRING">
<value string=""/>
</item>
<!-- NOTE(review): REMOTE_ADDR and REMOTE_HOST hold the client's IP address; handle records like this one as personal data when they are shared. -->
<item name="REMOTE_ADDR">
<value string="222.152.222.107"/>
</item>
<item name="REMOTE_HOST">
<value string="222.152.222.107"/>
</item>
<item name="REMOTE_PORT">
<value string="57745"/>
</item>
<item name="REQUEST_METHOD">
<value string="POST"/>
</item>
<item name="SCRIPT_NAME">
<value string="/Account/Register"/>
</item>
<item name="SERVER_NAME">
<value string="www.----.com"/>
</item>
<item name="SERVER_PORT">
<value string="443"/>
</item>
<item name="SERVER_PORT_SECURE">
<value string="1"/>
</item>
<item name="SERVER_PROTOCOL">
<value string="HTTP/1.1"/>
</item>
<item name="SERVER_SOFTWARE">
<value string="Microsoft-IIS/7.5"/>
</item>
<item name="URL">
<value string="/Account/Register"/>
</item>
<!-- The HTTP_* items below repeat the headers already listed in ALL_HTTP, one item per header. -->
<item name="HTTP_CONNECTION">
<value string="keep-alive"/>
</item>
<item name="HTTP_CONTENT_LENGTH">
<value string="328"/>
</item>
<item name="HTTP_CONTENT_TYPE">
<value string="application/x-www-form-urlencoded"/>
</item>
<item name="HTTP_ACCEPT">
<value string="text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"/>
</item>
<item name="HTTP_ACCEPT_ENCODING">
<value string="gzip, deflate"/>
</item>
<item name="HTTP_ACCEPT_LANGUAGE">
<value string="en-us"/>
</item>
<item name="HTTP_HOST">
<value string="www.----.com"/>
</item>
<!-- The Referer is /Account/Login while the POST targets /Account/Register. -->
<!-- NOTE(review): check how the register form is reached from the login page; presumably the response that rendered the form is the one expected to set the anti-forgery cookie. -->
<item name="HTTP_REFERER">
<value string="https://www.----.com/Account/Login"/>
</item>
<!-- According to the User-Agent the client is Mobile Safari on an iPad (CPU OS 8_3). -->
<item name="HTTP_USER_AGENT">
<value string="Mozilla/5.0 (iPad; CPU OS 8_3 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12F69 Safari/600.1.4"/>
</item>
<item name="HTTP_ORIGIN">
<value string="https://www.----.com"/>
</item>
</serverVariables>
<form>
<!-- Fields of the submitted registration form as recorded by the error logger. -->
<!-- The anti-forgery form field is present in the POST body; the exception at the top of this record complains about the matching cookie, not about this field. -->
<item name="__RequestVerificationToken">
<value string="NfS-jtWU5SbI8M605BxJI9soh5wRn0BSrDoxLUFbwH_rQfwWZ3R60I1h2uPosZOMnhYpcjgh5Mg5tjDDziNKGZBFTVw1"/>
</item>
<item name="UserName">
<value string="----"/>
</item>
<!-- NOTE(review): the record includes the posted Password and ConfirmPassword fields. The values are masked with dashes in this post; verify that the stored log does not keep them in clear text. -->
<item name="Password">
<value string="----"/>
</item>
<item name="ConfirmPassword">
<value string="----"/>
</item>
<item name="RealName">
<value string="Earl ----"/>
</item>
<item name="Email">
<value string="----@gmail.com"/>
</item>
<item name="Birth">
<value string="1984-05-08"/>
</item>
<item name="PhoneNumber">
<value string="083566----"/>
</item>
<!-- Two values ("true" and "false") are recorded for this field. Presumably a checkbox plus the hidden fallback input that MVC checkbox helpers render; confirm against the view. -->
<item name="AcceptPolicyAndTerm">
<value string="true"/>
<value string="false"/>
</item>
</form>
<cookies>
<!-- The only cookie recorded for the request is ASP.NET_SessionId; no __RequestVerificationToken cookie is listed, which matches the exception message. -->
<!-- NOTE(review): a session id works as a bearer credential while the session is alive; avoid publishing it together with log excerpts. -->
<item name="ASP.NET_SessionId">
<value string="1avxrf2rgcawh0nywaed03bd"/>
</item>
</cookies>
</error>

1 个答案:

答案 0 :(得分:3)

防伪令牌(AntiForgeryToken)与当前登录用户的用户名等信息绑定,因此验证会失败并抛出错误。看起来你的 Login 方法遇到的就是这种情况:本质上,是把未登录用户拿到的令牌与已登录用户应有的令牌值进行了比较。

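您可能必须从登录页面删除防伪令牌。不过这样做会让登录表单失去 CSRF 防护(即“登录 CSRF”:第三方页面可以替用户提交登录请求),另一种做法是保留令牌,在捕获到 HttpAntiForgeryException 时重新显示表单,让用户再提交一次。关于这个主题已经有很多长篇讨论,至今没有达成共识。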

以下是其中一些: