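Background
I have read many other posts on this site about similar problems, but none relate to my specific one. I am also a student at Uni and am trying to apply my education to a real-world problem to get a deeper understanding of MVC, but every step is a huge effort. (We studied Laravel, which is more of a challenge.) This is my first post and I look forward to your help.
Problem
Being 'logged in' stops the ajax post from working.
I have a form with dropdown lists that are populated from the database. The purpose of the dropdowns is to configure a product ordering string. When a dropdown is changed, it triggers an ajax post that sends the form details back to a controller method, which searches the database for possible matching strings and repopulates the form with only the options that are possible for the selected configuration.
This works fine when anonymous, but when logged in it does not get past the [ValidateAntiForgeryToken] attribute on the controller.
When I comment out the attribute, everything works fine.
After some research, it seems the problem is related to the fact that the token is set against the username, and that on login the username changes and the token hash is incorrect.
I tried AntiForgeryConfig.SuppressIdentityHeuristicChecks = true; in Application_Start() to no avail.
If this is the case, I have two questions:
If this is not the case, what else can I look at?
View (_config.cshtml)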
@model HomeWeb.Models.RtcgConfigurationModel
@using (Html.BeginForm("updateDB", "Rtcg", FormMethod.Post, new { enctype = "multipart/form-data" }))
{
    @Html.AntiForgeryToken()
    <div class="form-horizontal">
        <h3>Configure RTCG</h3>
        <hr />
        @Html.ValidationSummary(true)
        <div class="form-group">
            @Html.LabelFor(model => model.RtcgCabinetType, "Cabinet Type", new { @class = "control-label col-md-5" })
            <div class="col-md-7">
                @Html.DropDownListFor(model => Model.RtcgCabinetType, Model.Cabinets, new { onchange = "changed();" })
                @Html.ValidationMessageFor(model => model.RtcgCabinetType)
            </div>
        </div>
        <div class="form-group">
            @Html.LabelFor(model => model.RtcgAdaptorType, "Adaptor Type", new { @class = "control-label col-md-5" })
            <div class="col-md-7">
                @Html.DropDownListFor(model => Model.RtcgAdaptorType, Model.Adaptors, new { onchange = "changed();" })
                @Html.ValidationMessageFor(model => model.RtcgAdaptorType)
            </div>
        </div>
        <div class="form-group">
            @Html.LabelFor(model => model.RtcgQtyAdaptors, "Adaptor Qty.", new { @class = "control-label col-md-5" })
            <div class="col-md-7">
                @Html.DropDownListFor(model => Model.RtcgQtyAdaptors, Model.AdaptorQtys, new { onchange = "changed();" })
                @Html.ValidationMessageFor(model => model.RtcgQtyAdaptors)
            </div>
        </div>
        <div class="form-group">
            @Html.LabelFor(model => model.RtcgTerminationMethod, "Termination", new { @class = "control-label col-md-5" })
            <div class="col-md-7">
                @Html.DropDownListFor(model => Model.RtcgTerminationMethod, Model.TerminationMethods)
                @Html.ValidationMessageFor(model => model.RtcgTerminationMethod)
            </div>
        </div>
        <div class="form-group">
            @Html.LabelFor(model => model.RtcgFaceplateStyle, "Faceplate Style", new { @class = "control-label col-md-5" })
            <div class="col-md-7">
                @Html.DropDownListFor(model => Model.RtcgFaceplateStyle, Model.FacePlateStyles)
                @Html.ValidationMessageFor(model => model.RtcgFaceplateStyle)
            </div>
        </div>
        <div class="form-group">
            @Html.LabelFor(model => model.RtcgScreenPrinting, "Screenprinting", new { @class = "control-label col-md-5" })
            <div class="col-md-7">
                @Html.DropDownListFor(model => Model.RtcgScreenPrinting, Model.ScreenPrintOptions)
                @Html.ValidationMessageFor(model => model.RtcgScreenPrinting)
            </div>
        </div>
        <div class="form-group">
            @Html.LabelFor(model => model.RtcgApplication, "Fibre Type", new { @class = "control-label col-md-5" })
            <div class="col-md-7">
                @Html.DropDownListFor(model => Model.RtcgApplication, Model.Applications)
                @Html.ValidationMessageFor(model => model.RtcgApplication)
            </div>
        </div>
        <div class="form-group">
            @Html.LabelFor(model => model.RtcgVerminProof, "Vermin Proof", new { @class = "control-label col-md-5" })
            <div class="col-md-7">
                @Html.DropDownListFor(model => Model.RtcgVerminProof, Model.VerminProofing)
                @Html.ValidationMessageFor(model => model.RtcgVerminProof)
            </div>
        </div>
        <div class="form-group">
            <div class="col-md-offset-5 col-md-10">
                <input type="submit" value="Get Quotation" class="btn btn-primary" style="float: none" />
            </div>
        </div>
    </div>
}
<script type="text/javascript">
    function changed() {
        var token = $('[name=__RequestVerificationToken]').val();
        var headers = {};
        headers["__RequestVerificationToken"] = token;
        $.ajax({
            url: '/Rtcg/Ajax_DropdownChanged',
            type: "POST",
            data: $('form').serialize(),
            headers: headers,
            success: function (result) {
                $('#config-form').html(result);
            },
        });
    }
</script>
Controller
// POST: handle dropdown changes from Ajax
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult Ajax_DropdownChanged(RtcgConfigurationModel formData)
{
    //handle 'postback' displaying the fields.
    if (ModelState.IsValid)
    {
        RtcgConfigurationModel model = new RtcgConfigurationModel();
        using (var db = new ApplicationDbContext())
        {
            model.Cabinets = DisplayElement.Cabinets(formData);
            model.Adaptors = DisplayElement.Adaptors(formData);
            model.AdaptorQtys = DisplayElement.AdaptorQuantities(formData);
            model.TerminationMethods = DisplayElement.Termination(formData);
            model.FacePlateStyles = DisplayElement.Faceplates(formData);
            model.ScreenPrintOptions = DisplayElement.ScreenPrinting(formData);
            model.Applications = DisplayElement.Application(formData);
            model.VerminProofing = DisplayElement.VerminProof(formData);
        }
        return PartialView("_config", model);
    }
    else
    {
        return View();
    }
}
Update
When not logged in, I get one token string.
"__RequestVerificationToken=Rt3m8M0YJeJ9u1TENd19Mx6wDxtU6FE208nRAOjo7Py6tkyH_pZdJfgPiXDt70UqJCf_fwasRA_7Ekc792khXWMXDzWS8x3wfXDoWNIZQVQ1&RtcgCabinetType=RTC2G&RtcgAdaptorType=LCD&RtcgQtyAdaptors=06&RtcgTerminationMethod=FS&RtcgFaceplateStyle=Z&RtcgScreenPrinting=SP&RtcgApplication=SM&RtcgVerminProof=N"
However, when logged in I get 2 tokens (even after following Stephen's suggestion below and removing the header).
"__RequestVerificationToken=d21oW7noP0WBLI_3ubvpPo7uHYPbIrsq0VzeIXgNNaxmPiMiA8IBr2N2qU3wepup5X46gpy4VaFDc_MfUhCE-SADGhwplraMk4PFt-72GpnsxTeGW2COOggVhFEAXvRyb_ofh3d-ax3Zc1twpfenUw2&__RequestVerificationToken=v0g2f1ukJlO9g1WyXqh6GS3PB_YXHo9rY75BD1Wf8voQFMMbwDFE4nKJRV20orE5nm0EBIj4LOWlo_JdUfFvm2A-364nbEwEdEyHDcJ0tVjmqYTbH1AAorg0b347vSB3KLZ00sulasO9A9_28erP0A2&RtcgCabinetType=RTC2G&RtcgAdaptorType=LCD&RtcgQtyAdaptors=06&RtcgTerminationMethod=FS&RtcgFaceplateStyle=Z&RtcgScreenPrinting=SP&RtcgApplication=SM&RtcgVerminProof=N"
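Answer 0 (score: 0)
My problem was that I had multiple @Html.AntiForgeryToken() calls in my site. I am using partial views, and it was declared in the _LoginPartial view as well as in the form I was posting.
This resulted in multiple tokens in my form post, which failed validation.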
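The failure described in this answer, as an added example that is not part of the original post: a constructed model of the logged-in page in which serializing every form collects one token per form, next to a serializer scoped to a single form that checks for exactly one token. The form ids, placeholder token values and function names are assumptions made for illustration.

```javascript
// Constructed model of the page as rendered for a logged-in user: the logout
// form from _LoginPartial and the configuration form each hold a hidden token.
// Form ids and token values are placeholders, not values from the original post.
const TOKEN_FIELD = '__RequestVerificationToken';
const page = [
  { id: 'logoutForm', fields: [[TOKEN_FIELD, 'TOKEN-FROM-LOGIN-PARTIAL']] },
  { id: 'rtcg-config-form', fields: [
    [TOKEN_FIELD, 'TOKEN-FROM-CONFIG-FORM'],
    ['RtcgCabinetType', 'RTC2G'],
    ['RtcgAdaptorType', 'LCD'],
  ] },
];

// Models serializing a set of forms the way $('form').serialize() does:
// every field of every matched form lands in one urlencoded string.
function serializeForms(forms) {
  const params = new URLSearchParams();
  for (const form of forms) {
    for (const [name, value] of form.fields) params.append(name, value);
  }
  return params.toString();
}

// Returns the field names that occur more than once in a urlencoded body.
function duplicatedFields(body) {
  const counts = new Map();
  for (const [name] of new URLSearchParams(body)) {
    counts.set(name, (counts.get(name) || 0) + 1);
  }
  return [...counts].filter(([, n]) => n > 1).map(([name]) => name);
}

// Builds the ajax body from exactly one form and refuses to produce a body
// that carries zero or several anti-forgery tokens.
function bodyForForm(forms, formId) {
  const form = forms.find((f) => f.id === formId);
  if (!form) throw new Error('form not found: ' + formId);
  const body = serializeForms([form]);
  const tokens = new URLSearchParams(body).getAll(TOKEN_FIELD);
  if (tokens.length !== 1) {
    throw new Error('expected one ' + TOKEN_FIELD + ', got ' + tokens.length);
  }
  return body;
}

console.log('all forms :', duplicatedFields(serializeForms(page)));
console.log('one form  :', bodyForForm(page, 'rtcg-config-form'));
```

In the view, the equivalent change is to give the form rendered by `Html.BeginForm` an id and serialize that selector instead of `$('form')`.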