我为这个问题中被接受的答案实现了Razor等效解决方案:jQuery Ajax调用和Html.AntiForgeryToken(),但我一直收到以下异常信息:
System.Web.Mvc.HttpAntiForgeryException (0x80004005):所需的防伪表单字段 "__RequestVerificationToken" 不存在。
编辑
我设法通过以下方式解决了这个问题:
function AddAntiForgeryToken(data) {
data.append('__RequestVerificationToken',$('#__AjaxAntiForgeryForm input[name=__RequestVerificationToken]').val());
return data;
};
function CallAjax(url, type, data, success, error) {
var ajaxOptions = { url: url, type: type, contentType: 'application/json'};
if (type == 'POST') {
var fd = new window.FormData();
fd = AddAntiForgeryToken(fd);
$.each(data, function (i, n) {
fd.append(i,n);
});
data = fd;
ajaxOptions.processData = false;
ajaxOptions.contentType = false;
}
ajaxOptions.data = data;
if (success) ajaxOptions.success = success;
//If there is a custom error handler nullify the general statusCode setting.
if (error) {
ajaxOptions.error = error;
ajaxOptions.statusCode = null;
};
$.ajax(ajaxOptions);
}
很不幸,FormData()仅受支持于最新的浏览器版本。
编辑 我想知道为什么ValidateAntiForgeryTokenAttribute只在表单数据中寻找AntiForgeryToken,而不像下面代码中的密封类AntiForgeryTokenStore和AntiForgeryWorker一样在路由值中寻找它?
public void Validate(HttpContextBase httpContext)
{
this.CheckSSLConfig(httpContext);
AntiForgeryToken cookieToken = this._tokenStore.GetCookieToken(httpContext);
AntiForgeryToken formToken = this._tokenStore.GetFormToken(httpContext);
this._validator.ValidateTokens(httpContext, AntiForgeryWorker.ExtractIdentity(httpContext), cookieToken, formToken);
}
public AntiForgeryToken GetFormToken(HttpContextBase httpContext)
{
string serializedToken = httpContext.Request.Form[this._config.FormFieldName];
if (string.IsNullOrEmpty(serializedToken))
return (AntiForgeryToken) null;
else
return this._serializer.Deserialize(serializedToken);
}