我正在使用Visual Studio 2013 ASP.NET身份模板。 用户成功登录后,用户将转到带有表的页面。 页面有搜索选项,搜索功能是javascript驱动的 javascript以ajax请求的形式发送用户选择的参数 我遇到了问题,因为AJAX请求从客户端构造良好并发送到正确的URL但它立即被重定向并且参数丢失。 我不确定是否会发生这种情况,因为请求应该经过身份验证/授权。我尝试了以下
$.ajax({
type: 'POST',
url: '<%=Config.VirtualDir %>listings.aspx' + '?filterattribute=y&call=ajax',
data: { 'zipcode': ZipCode, 'bedrooms': BedRooms, 'bathrooms': Bathroom, 'SquareFeetMin': SquareFeetMin, 'SquareFeetMax': SquareFeetMax, 'PriceMin': MinPrice, 'PriceMax': MaxPrice, 'Radius': Radius, 'Years': Years, 'IntRate': IntRate, 'DownPayment': DownPayment, 'sort': ddlsort, 'crfrom': capfrom, 'crto': capto, 'cffrom': cflowfrom, 'cfto': cflowto, 'roifrom': roifrom, 'roito': roito, 'vefrom': vefrom, 'veto': veto, 'chksupp': supp, 'undadd': undadd },
beforeSend: function(xhr){
xhr.withCredentials = true;
},
success: function (response) {
$('#DivRender').html(response);
DisplayPaging();
UpdateDropDowns();
$.hideprogress();
}
});
我检查了如何在Fiddler中处理请求,这是发生了什么
Request1
POST /listings.aspx?filterattribute=y&call=ajax HTTP/1.1
Host: localhost:1794
Connection: keep-alive
Content-Length: 277
Accept: */*
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8,sv;q=0.6
Cookie: 83VLqQgggt8=CfDJ8EqbzpbyFkFAtEyP1X9rGYWcW8ryXAnh-VbYXDpLXBhNXU5Brq_PAiggJHvIwAXK2yZZPz5_NBCSTjV9FYC1O6PEvmGVe9r8feB74Rjc0hANEjsG_Pf6k6iwYdnRRxxHDD5qSRAAYJHGa3LpH4MOlww; .AspNet.Microsoft.AspNet.Identity.Application=CfDJ8EqbzpbyFkFAtEyP1X9rGYUDNW-ipW7_DjFWLk0XMejiHWRdCnQmZMipzvTZJcnYL3ncfpETFYsVA3s2UHEnvkUJEbxPIBfuNNoRLQrhaoJaegw78lGv1XWRXgJ9g5GikhXprPsC9Nt8n7Wt6UVT24Wao-CHiVHVZVOX3weXu8Eu48W8gEhnXzvG1Vx57tGWPiSbu9mJiIOXoJyO-ybxNuontF7g6hfCAi0f9ohonq2Mal9xWhVtHWUQnIYTdlrbnueX6guTMyCPmS8augNyZSAmGqRfCr9KfoTYy4bAjIaOpxKANS6qeTQdCP07oB_axsNJ1QS1RsxWIj5EHFeENARKK2GEcnKL_mZyRzsvzTWJooyc6b0EfsEOOG48qJiohxQUu8CL_Ag0WdLIvyOyg_6-mFjHEHLatYqRXs_UQgsM0bYABG98p-UlgADehXJ8MyjRDpvT_0K20VnLJPFKUY0bbmBDsg5U34cMBsTfz4qndFr4jsjQDuXlRPCXroyFkHqsefajLHHtW4A5iwniKjNExd_MS9yQZfsXg3DDAPqzg2ZCaFTvrPwMbwyMG6Z5INW0RdShtbtRc_GYWruu0WOQpzcjcfhOZv6x5SLgFGlEYxImME6He1rfZmcAjxb28mmOZWmTRjtE5eqEmAQkGGI; QeabOx42yKQ=CfDJ8EqbzpbyFkFAtEyP1X9rGYUuSJv5TYKtxst2zuRG2lWOmZp_VfHjxfZaE_bUCEWq2rteZo2wx91WWM0BLDhC-RS_LeSjhlbsCNd_Xa-eaQtKHCg6kt0fov8WuunyJBTisOKqkyoEk9a0eBKp8yDptK0; ai_user=18AE4C91-FECF-494B-B67A-486D1A2F5164|2015-08-25T03:19:36.296Z; __AntiXsrfToken=b7689c9fd71643389b3ab3c2e5543f3c; .AspNet.ApplicationCookie=dMOEe4RBWpIuwm_zyjhPKFhEsS2cMLLybv6DeO0-aDn4oo_jTyQq6WzPSmF-GZZa7SDjfs9HSnlWcQyQgP0G9LE_DK9ZPbzeb2tcsu3GNnPkP1LGJz8wmL8JLRh_T4s-o-ZNCnFtbESkQYrQlIX3vBc2FZ0-Kh4dz6T0pGldEQHWXkkTQlUxIlnP5Z224VRL_E9UpbjWBbBxuLXGyAq6IXBiBsK-6q5jhw58FsYp4VnIGp3qM4mdG7lWYP_NcYDt4Z0fMW34p0VaWPImef2CsrLMiBODWDhm-0ogS9fkGpa0_lQHE-H3nvcSUN6cpmqSDA7lZ7EzZjQRsv-09SttMouf9mf3qwaRbjcoxxOez_pzcAypDgkFjnPbdtyDK-9MXyIRajT8pay9mRc-YlpjoZgwW3Ww3de1a4qeRJB7zLNr2Ec8gGVZEFRakUIfIj-RSn4a9vmhETk5UTE8X-Yc99AMDnauKhmg5y09GwhGdO1Iv62kauaD_Kpxq14ATfCu; .ASPXAUTH=1647B3E8FA3AB2D87B584B214BF8BFEB3390BBBE6BBB9F35B6C01A8E2DDB4D3A31A2F1906E93298C87D5FE9A6E1D869D055A1CC2BE6B1A25316B1BEA229E144D2D1FAB1B038013DD96DE9BA072C6511A10526A34DC959868C808FCD458ADDF40DAB7856C3639D74AC00AFD21166D6ED5DF82726E
zipcode=92801%2C92802%2C92804%2C92805%2C92806%2C92807
Response 1: HTTP/1.1 301 Moved Permanently
**Second Immediate Request**
GET /listings?filterattribute=y&call=ajax HTTP/1.1
Host: localhost:1794
Connection: keep-alive
Accept: */*
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8,sv;q=0.6
Cookie: 83VLqQgggt8=CfDJ8EqbzpbyFkFAtEyP1X9rGYWcW8ryXAnh-VbYXDpLXBhNXU5Brq_PAiggJHvIwAXK2yZZPz5_NBCSTjV9FYC1O6PEvmGVe9r8feB74Rjc0hANEjsG_Pf6k6iwYdnRRxxHDD5qSRAAYJHGa3LpH4MOlww; .AspNet.Microsoft.AspNet.Identity.Application=CfDJ8EqbzpbyFkFAtEyP1X9rGYUDNW-ipW7_DjFWLk0XMejiHWRdCnQmZMipzvTZJcnYL3ncfpETFYsVA3s2UHEnvkUJEbxPIBfuNNoRLQrhaoJaegw78lGv1XWRXgJ9g5GikhXprPsC9Nt8n7Wt6UVT24Wao-CHiVHVZVOX3weXu8Eu48W8gEhnXzvG1Vx57tGWPiSbu9mJiIOXoJyO-ybxNuontF7g6hfCAi0f9ohonq2Mal9xWhVtHWUQnIYTdlrbnueX6guTMyCPmS8augNyZSAmGqRfCr9KfoTYy4bAjIaOpxKANS6qeTQdCP07oB_axsNJ1QS1RsxWIj5EHFeENARKK2GEcnKL_mZyRzsvzTWJooyc6b0EfsEOOG48qJiohxQUu8CL_Ag0WdLIvyOyg_6-mFjHEHLatYqRXs_UQgsM0bYABG98p-UlgADehXJ8MyjRDpvT_0K20VnLJPFKUY0bbmBDsg5U34cMBsTfz4qndFr4jsjQDuXlRPCXroyFkHqsefajLHHtW4A5iwniKjNExd_MS9yQZfsXg3DDAPqzg2ZCaFTvrPwMbwyMG6Z5INW0RdShtbtRc_GYWruu0WOQpzcjcfhOZv6x5SLgFGlEYxImME6He1rfZmcAjxb28mmOZWmTRjtE5eqEmAQkGGI; QeabOx42yKQ=CfDJ8EqbzpbyFkFAtEyP1X9rGYUuSJv5TYKtxst2zuRG2lWOmZp_VfHjxfZaE_bUCEWq2rteZo2wx91WWM0BLDhC-RS_LeSjhlbsCNd_Xa-eaQtKHCg6kt0fov8WuunyJBTisOKqkyoEk9a0eBKp8yDptK0; ai_user=18AE4C91-FECF-494B-B67A-486D1A2F5164|2015-08-25T03:19:36.296Z; __AntiXsrfToken=b7689c9fd71643389b3ab3c2e5543f3c; .AspNet.ApplicationCookie=dMOEe4RBWpIuwm_zyjhPKFhEsS2cMLLybv6DeO0-aDn4oo_jTyQq6WzPSmF-GZZa7SDjfs9HSnlWcQyQgP0G9LE_DK9ZPbzeb2tcsu3GNnPkP1LGJz8wmL8JLRh_T4s-o-ZNCnFtbESkQYrQlIX3vBc2FZ0-Kh4dz6T0pGldEQHWXkkTQlUxIlnP5Z224VRL_E9UpbjWBbBxuLXGyAq6IXBiBsK-6q5jhw58FsYp4VnIGp3qM4mdG7lWYP_NcYDt4Z0fMW34p0VaWPImef2CsrLMiBODWDhm-0ogS9fkGpa0_lQHE-H3nvcSUN6cpmqSDA7lZ7EzZjQRsv-09SttMouf9mf3qwaRbjcoxxOez_pzcAypDgkFjnPbdtyDK-9MXyIRajT8pay9mRc-YlpjoZgwW3Ww3de1a4qeRJB7zLNr2Ec8gGVZEFRakUIfIj-RSn4a9vmhETk5UTE8X-Yc99AMDnauKhmg5y09GwhGdO1Iv62kauaD_Kpxq14ATfCu; .ASPXAUTH=1647B3E8FA3AB2D87B584B214BF8BFEB3390BBBE6BBB9F35B6C01A8E2DDB4D3A31A2F1906E93298C87D5FE9A6E1D869D055A1CC2BE6B1A25316B1BEA229E144D2D1FAB1B038013DD96DE9BA072C6511A10526A34DC959868C808FCD458ADDF40DAB7856C3639D74AC00AFD21166D6ED5DF82726E
如何确保ajax post请求与请求一起发送会话cookie,以便重定向不会发生。
答案 0 :(得分:0)
如果您想确保不受身份验证重定向的影响:
查看你的OWIN Startup类,你应该有这样的一行(取自默认的MVC,对于Web API来说类似):
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
});
此处的LoginPath
属性会将所有未经身份验证的请求(如果请求需要授权)重定向到指定的路径。
在没有LoginPath的情况下再次尝试您的AJAX请求,您可能会获得401 Unauthorized。
如果您想保留LoginPath
重定向但不希望它影响您的AJAX调用,请查看this post from Brock Allen,以便根据请求的应用程序以不同方式处理401.
答案 1 :(得分:0)
在您的情况下,最好使用[WebMethod]
而不是向页面发送请求。在WebMethod中,您也可以访问Session。