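How to resolve: The required anti-forgery form field "__RequestVerificationToken" is not present in ASP.NET MVC
My view is not a form. I am using jQuery to do an Ajax POST to the server, with no form at all. It displays a blog and accepts blog comments. I want to accept the blog comment and save it to the database.
I am getting: The required anti-forgery form field "__RequestVerificationToken" is not present in ASP.NET MVC
I modified my code to reflect the suggestions in previous solutions.
I have an @Html.AntiForgeryToken() before the text field (the blog comment) that I want to save to the database.
I have the [ValidateAntiForgeryToken] attribute before the controller action method.
I append the token to the data being sent to the method: data: AddAntiForgeryToken({ blogComment, userProfileProcessType }),
But it still does not work.
Here is the view: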
<h2 class="page-header"><span class="blogtitle">@Session["BlogTitle"]</span></h2>
@{
    Layout = "~/Views/Shared/_LayoutUser.cshtml";
}
@if (ViewBag.errormessage != null)
{
    <p class="alert alert-danger" id="errorMessage">@ViewBag.errormessage</p>
}
<br />
<div>
    <a href="@Url.Action("LoadDropdownBlogCategorysInBlogsPublished", "BlogPublished")">Return To Select a Blog</a>
</div>
<br />
@if (Model != null)
{
    <div class="panel panel-default toppanel">
        <div class="panel-body">
            <div class="row">
                <div class="col-md-2">
                    @Html.LabelFor(model => model.BlogPublishedByBlogId.CreatedDateTime)
                    @Html.TextBoxFor(model => model.BlogPublishedByBlogId.CreatedDateTime, new { @class = "form-control", @disabled = "disabled" })
                </div>
                <div class="col-md-2">
                    @Html.LabelFor(model => model.BlogPublishedByBlogId.ModifiedDateTime)
                    @Html.TextBoxFor(model => model.BlogPublishedByBlogId.ModifiedDateTime, new { @class = "form-control", @disabled = "disabled" })
                </div>
            </div>
            <br />
            <div class="row">
                <div>
                    @Html.DisplayFor(model => model.BlogPublishedByBlogId.BlogContent, new { @class = "form-control blogContent", @disabled = "disabled" })
                </div>
            </div>
            <br />
            <br />
            <div class="panel-footer">
                <button type="button" class="btn btn-primary Comment" data-id="@Model.BlogPublishedByBlogId.BlogId" value="Comment">
                    <span class="glyphicon glyphicon-comment" aria-hidden="true"></span> Get Comment(s)
                </button>
            </div>
            <div id="@string.Format("{0}_{1}", "commentsBlock", @Model.BlogPublishedByBlogId.BlogId)" style="border: 1px solid #f1eaea; background-color: #eaf2ff;">
                <div class="AddCommentArea" style="margin-left: 30%; margin-bottom: 5px; margin-top: 8px;">
                    @Html.AntiForgeryToken()
                    <input type="text" id="@string.Format("{0}_{1}", "comment", @Model.BlogPublishedByBlogId.BlogId)" class="form-control" placeholder="Add a comment..." style="display: inline;" />
                    <button type="button" class="btn btn-primary addComment" data-id="@Model.BlogPublishedByBlogId.BlogId"><span class="glyphicon glyphicon-comment" aria-hidden="true"></span></button>
                </div>
            </div>
        </div>
    </div>
}
@Scripts.Render("~/bundles/jqueryval")
@Scripts.Render("~/bundles/jquery")
@Scripts.Render("~/bundles/bootstrap")
@Styles.Render("~/Content/css")
@section Scripts
{
    <script type="text/javascript">
        $(document).ready(function () {
            $('.Comment').on('click', function () {
                var blogId = $(this).attr("data-id");
                var allCommentsArea = $('<div>').addClass('allComments_' + blogId);
                $.ajax({
                    type: 'GET',
                    url: '@Url.Action("GetBlogComments", "BlogPublished")',
                    data: { blogId: blogId },
                    success: function (response) {
                        if ($('div').hasClass('allComments_' + blogId + ''))
                        {
                            $('div[class=allComments_' + blogId + ']').remove();
                        }
                        // Dynamically building the HTML to hold the comments (the list) returned.
                        // The area for the BlogPublished/_Comments.cshtml to be placed.
                        allCommentsArea.html(response);
                        allCommentsArea.prependTo('#commentsBlock_' + blogId);
                    },
                    error: function (xhr, ajaxOptions, thrownError) {
                        alert("Critical Error: something is wrong in the call to GetBlogComments! Status: " + xhr.status + ". Error: " + thrownError.toString() + ". Response Text: " + xhr.responseText);
                    }
                });
            });
            // For when clicking the 'addComment' button.
            $('.addComment').on('click', function () {
                var blogId = $(this).attr('data-id');
                var blogCommentContent = $('#comment_' + blogId).val();
                var dateTimeNow = new Date();
                var userProfileProcessType = "I";
                // An object - the BlogComment model to be passed to the controller method.
                var blogComment = {
                    BlogId: blogId,
                    BlogCommentContent: blogCommentContent,
                    DateTimeOfBlogComment: dateTimeNow.toLocaleString()
                };
                $.ajax({
                    type: 'POST',
                    url: '@Url.Action("ProcessSaveBlogComment", "BlogPublished")',
                    data: AddAntiForgeryToken({ blogComment, userProfileProcessType }),
                    success: function (response) {
                        $('div[class=allComments_' + blogId + ']').remove();
                        // Dynamically building the HTML to hold the comments (the list) returned which now includes the added comment.
                        var allCommentsArea = $('<div>').addClass('allComments_' + blogId);
                        allCommentsArea.html(response);
                        allCommentsArea.prependTo('#commentsBlock_' + blogId);
                        $("#comment_" + blogId).val('');
                    },
                    error: function (xhr, ajaxOptions, thrownError) {
                        alert("Critical Error: something is wrong in the call to ProcessSaveBlogComment! Status: " + xhr.status + ". Error: " + thrownError.toString() + ". Response Text: " + xhr.responseText);
                    }
                });
            });
            jQuery(".timeago").timeago();
        });
        AddAntiForgeryToken = function (data) {
            data.__RequestVerificationToken = $('#__AjaxAntiForgeryForm input[name=__RequestVerificationToken]').val();
            return data;
        };
    </script>
}
Here is the controller:
[HttpPost]
[ValidateAntiForgeryToken]
public async Task<ActionResult> ProcessSaveBlogComment(BlogComment blogComment, string userProfileProcessType)
{
    if (ModelState.IsValid)
    {
        blogComment.UserId = Convert.ToInt32(Session["UserId"]);
        BLL_BlogPublished bll_BlogPublished = new BLL_BlogPublished();
        ProcessSaveBlogCommentResults processSaveBlogCommentResults = new ProcessSaveBlogCommentResults();
        try
        {
            processSaveBlogCommentResults = await bll_BlogPublished.ProcessSaveBlogComment(blogComment, Session["UserName"].ToString(), userProfileProcessType);
            if (processSaveBlogCommentResults.ApiErrorMessage == null)
            {
                if (processSaveBlogCommentResults.Status == 2)
                {
                    ViewBag.errormessage = "Process Violation: You are not the 'blog comment' creator so you cannot update the blog comment.";
                }
                else if (processSaveBlogCommentResults.Status == 3)
                {
                    ViewBag.errormessage = "Process Violation: Not the correct 'blog id' so cannot update the blog comment.";
                }
            }
            else
            {
                ViewBag.errormessage = processSaveBlogCommentResults.ApiErrorMessage;
            }
        }
        catch (Exception ex1)
        {
            exceptionMessage = "Server error on saving the blog comment. Please contact the administrator.";
            try
            {
                ClientErrorResult clientErrorResult = new ClientErrorResult();
                clientErrorResult = await ProcessClientError(Session["UserName"].ToString(), ex1.Message, "Server error on saving the blog comment. User name: " + Session["UserName"] + ". Post method: ProcessSaveBlogComment.");
                if (clientErrorResult.ApiErrorMessage == null)
                {
                    ViewBag.errormessage = exceptionMessage;
                }
                else
                {
                    ViewBag.errormessage = clientErrorResult.ApiErrorMessage;
                }
            }
            catch (Exception ex2)
            {
                ViewBag.errormessage = "Failure in ProcessClientError. Exception error: " + ex2.Message + ". Original error: " + exceptionMessage;
            }
        }
    }
    return RedirectToAction("GetBlogComments", "BlogPublished", new { blogId = blogComment.BlogId });
}
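Before leaving the AddAntiForgeryToken function - console log.
"Network" tab - Cookies.
"Network" tab, part 1 - Headers (the request verification token is in the cookie).
"Network" tab, part 2 - Headers (has my data to be sent to the controller).
Error: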
2020/8/13下午4:49:56
控制器名称:-BlogPublished 操作方法名称:-ProcessSaveBlogComment
System.Web.Mvc.ExceptionContext 信息 - - {0}必填的防伪表单字段“ __RequestVerificationToken”不存在。 .Net错误- {0}检查MVC Ajax代码是否有错误 资源 - - {0} System.Web.WebPages 堆栈跟踪 - - System.Web.Helpers.AntiXsrf.TokenValidator.ValidateTokens上的{0}(HttpContextBase httpContext,IIdentity身份,AntiForgeryToken sessionToken,AntiForgeryToken fieldToken) 在System.Web.Helpers.AntiXsrf.AntiForgeryWorker.Validate(HttpContextBase httpContext) 在System.Web.Helpers.AntiForgery.Validate() 在System.Web.Mvc.ValidateAntiForgeryTokenAttribute.OnAuthorization(AuthorizationContext filterContext)处 在System.Web.Mvc.ControllerActionInvoker.InvokeAuthorizationFilters(ControllerContext controllerContext,IList`1过滤器,ActionDescriptor actionDescriptor) 在System.Web.Mvc.Async.AsyncControllerActionInvoker。 c__DisplayClass3_1.b__0(AsyncCallback asyncCallback,Object asyncState) TargetSite- {0}无效ValidateTokens(System.Web.HttpContextBase,System.Security.Principal.IIdentity,System.Web.Helpers.AntiXsrf.AntiForgeryToken,System.Web.Helpers.AntiXsrf.AntiForgeryToken)
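An added example, not code from the original post: a token helper that finds the hidden input rendered by `@Html.AntiForgeryToken()` by its field name and refuses to build the POST body when that input is missing or empty, so a selector that matches nothing (the view as posted contains no element with id `__AjaxAntiForgeryForm`) fails on the client instead of producing the server error above. `readAntiForgeryToken` and `buildCommentPost` are hypothetical names, the sample values are constructed, and it is an assumption that dotted keys such as `blogComment.BlogId` bind to the action's `BlogComment` parameter.

```javascript
// Added example; helper names are hypothetical, not from the post.
const TOKEN_FIELD = '__RequestVerificationToken';

// Locate the hidden input emitted by @Html.AntiForgeryToken().
// `root` is anything with querySelector: `document` or a container element.
function readAntiForgeryToken(root) {
  const input = root.querySelector('input[name="' + TOKEN_FIELD + '"]');
  const token = input ? input.value : '';
  if (!token) {
    // Stop here rather than posting an empty or undefined token field,
    // which [ValidateAntiForgeryToken] rejects on the server.
    throw new Error('Anti-forgery token input not found under the given root');
  }
  return token;
}

// Build a form-urlencoded body: nested objects are flattened to dotted
// keys (blogComment.BlogId=...) and the token is a top-level form field,
// which is where the server-side validator looks for it.
function buildCommentPost(root, payload) {
  const token = readAntiForgeryToken(root); // validate before serializing
  const body = new URLSearchParams();
  const walk = (prefix, value) => {
    if (value !== null && typeof value === 'object') {
      for (const [key, child] of Object.entries(value)) {
        walk(prefix ? prefix + '.' + key : key, child);
      }
    } else {
      body.append(prefix, value == null ? '' : String(value));
    }
  };
  walk('', payload);
  body.append(TOKEN_FIELD, token);
  return body.toString();
}
```

In the page's `$.ajax` call the returned string can be passed as `data`, for example `data: buildCommentPost(document, { blogComment, userProfileProcessType })`; jQuery sends a string body unchanged with its default form-urlencoded content type.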