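POST JSON to Razor Page returns 400

Time: 2018-11-25 14:54:06

Tags: .net asp.net-core .net-core razor-pages antiforgerytoken

I know (strongly suspect) this is because the AntiRequestForgery token is invalid.

I am using Fiddler to make two requests. The first returns a page with the following form: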

GET http://localhost:5000/ HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-GB,en;q=0.5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36 Edge/14.14393
Accept-Encoding: gzip, deflate
Host: localhost:5000
Connection: Keep-Alive
Cookie: Webstorm-c18bf75a=81231d9f-edfd-4dbe-bb5a-f6a38d7df3c8; Webstorm-e6130ebb=b043c250-7e3b-44e1-ae53-2a1fd1e938ad; ai_user=a5B0s|2018-04-18T10:45:08.497Z; Webstorm-4df43b9a=25c25d80-7f4a-4ecf-8b74-a84698ccdfbe; .AspNetCore.Antiforgery.eVFzQSsi0_I=CfDJ8ERJiHn9THRElV--1wHd1Ro9Jv2DKwgMTQr1VCL4I-TphhEyTEiHsVS0z8K-Jyz_6VMNQETIEk3Yi5czv3rgMAwzmG76UrsB078j5oPJ8m6esxBQ8zLH9OEpeXqMDu570wRLkCSEQPyTIakVibTOmEM
HTTP/1.1 200 OK
Date: Sun, 25 Nov 2018 14:44:15 GMT
Content-Type: text/html; charset=utf-8
Server: Kestrel
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Length: 697

<!DOCTYPE html>

<html>
<head>
    <meta name="viewport" content="width=device-width" />
    <title>Index</title>
</head>
<body>
<article>
    <section>
        <h1>Index</h1>
    </section>
    <section>

<form method="post" action="/Echo">
    <p><label for="message">Enter message:  </label><input type="text" name="message" id="message"/></p>
    <p><input type="submit" value="Submit"/></p>
<input name="__RequestVerificationToken" type="hidden" value="CfDJ8ERJiHn9THRElV--1wHd1Rp9WyK4QCn6-wcGhXPDZHOFgkcjhJEBGrYgrsoDN3ETiqDId6aMvaHxmtunVp8ioxWYWAMqVqp3HU4ErpY7_lUzw1monlv7AMPY_Q2mzcP1YijG-86DgSeJXaXnpCWNl4c" /></form>
    </section>
</article>
</body>
</html>

I can see the embedded token, and I want to send the POST as JSON rather than as a URL-encoded form. The second request I am sending is:

POST http://localhost:5000/Echo HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Referer: http://localhost:5000/
Accept-Language: en-GB,en;q=0.5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36 Edge/14.14393
Content-Type: application/json
Accept-Encoding: gzip, deflate
Content-Length: 229
Host: localhost:5000
Connection: Keep-Alive
Pragma: no-cache
Cookie: Webstorm-c18bf75a=81231d9f-edfd-4dbe-bb5a-f6a38d7df3c8; Webstorm-e6130ebb=b043c250-7e3b-44e1-ae53-2a1fd1e938ad; ai_user=a5B0s|2018-04-18T10:45:08.497Z; Webstorm-4df43b9a=25c25d80-7f4a-4ecf-8b74-a84698ccdfbe; .AspNetCore.Antiforgery.eVFzQSsi0_I=CfDJ8ERJiHn9THRElV--1wHd1Ro9Jv2DKwgMTQr1VCL4I-TphhEyTEiHsVS0z8K-Jyz_6VMNQETIEk3Yi5czv3rgMAwzmG76UrsB078j5oPJ8m6esxBQ8zLH9OEpeXqMDu570wRLkCSEQPyTIakVibTOmEM

{
    "message":  "Hello+World",
    "__RequestVerificationToken": "CfDJ8ERJiHn9THRElV--1wHd1Rp9WyK4QCn6-wcGhXPDZHOFgkcjhJEBGrYgrsoDN3ETiqDId6aMvaHxmtunVp8ioxWYWAMqVqp3HU4ErpY7_lUzw1monlv7AMPY_Q2mzcP1YijG-86DgSeJXaXnpCWNl4c"
}

This returns a 400:

HTTP/1.1 400 Bad Request
Date: Sun, 25 Nov 2018 14:45:12 GMT
Server: Kestrel
Content-Length: 0

How should the token be passed when posting JSON?

1 answer:

Answer 0: (score: 0)

Literally, the answer is correct. The token should be passed as a header:

__RequestVerificationToken: CfDJ8ERJiHn9THRElV--1wHd1RqrINvuOTauZLAAg86eE91T6PHlKf21JOJVGA1TdMoksEVSlE-UWkOon2A0x1RSOqy0gQ_uSZxwQiBy8YArAowajUR1uJo3B4XAWl3abaToa8Gp8K4SPJ1hmSKjXAwzZvk
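
The approach from the answer, as an added example that is not part of the original post: a JavaScript helper that reads the hidden field from the page returned by the GET and builds a JSON POST carrying the token in a request header instead of the body. The function names, sample HTML and token value are constructed; the header name is a parameter because it is an assumption that must match the name the server's antiforgery configuration reads.

```javascript
// Added example, not code from the original post.
const FORM_FIELD = "__RequestVerificationToken"; // hidden field name shown on the page

// Pull the hidden antiforgery field's value out of the HTML returned by the GET.
function extractAntiforgeryToken(html) {
  for (const [tag] of html.matchAll(/<input\b[^>]*>/gi)) {
    const attr = (name) => {
      const m = tag.match(new RegExp(`\\s${name}\\s*=\\s*"([^"]*)"`, "i"));
      return m ? m[1] : null;
    };
    if (attr("name") === FORM_FIELD) return attr("value");
  }
  return null;
}

// Build fetch() options for a JSON POST: token in a header, payload only in the body.
// headerName is an assumption: it must equal the header the server validates.
function buildJsonPost(html, payload, headerName) {
  const token = extractAntiforgeryToken(html);
  if (!token) throw new Error("antiforgery token not found in page");
  const body = { ...payload };
  delete body[FORM_FIELD]; // a token placed inside the JSON body is not read
  return {
    method: "POST",
    credentials: "same-origin", // the .AspNetCore.Antiforgery.* cookie must go along
    headers: { "Content-Type": "application/json", [headerName]: token },
    body: JSON.stringify(body),
  };
}

// Constructed sample page and token value (not the values from the post).
const samplePage = `<form method="post" action="/Echo">
<input type="text" name="message" id="message"/>
<input name="__RequestVerificationToken" type="hidden" value="CONSTRUCTED-TOKEN-123" /></form>`;

const opts = buildJsonPost(samplePage, { message: "Hello World" }, "__RequestVerificationToken");
console.log(opts.headers, opts.body);
// In a browser on the same origin: fetch("/Echo", opts)
```

In ASP.NET Core the expected header name is set by `AntiforgeryOptions.HeaderName`, whose default is `RequestVerificationToken`; pass whichever name the application is configured with.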