小贝子编程

如何在 MVC 4 中将防伪令牌与 JSON 帖子一起使用



我有jQuery代码,可以使用JSON.stringify将数据发布到控制器类,但是当我使用AntiForgeryToken时,它不起作用..是保护JSON帖子的更好方法,或者我错过了一些东西......

其次,我是否需要额外的..即加密来保护JSON数据...

非常感谢高级帮助...

<script type="text/javascript">
$(document).ready(function () {
    $('#id_login_submit').click(function () {
        var _authetication_Data = { _UserName: $('#u1').val(),  _Password: $('#p1').val() }
        $.ajax({
            type: "POST",
            url: "/Account/ProcessLoginRequest",
            data: JSON.stringify({ model: _authetication_Data }),
            dataType: "json",
            contentType: "application/json; charset=utf-8",
            success: function (response) {
                alert(response);
            }

        });
    });
});
 </script>


@using (Html.BeginForm())
{
    @Html.AntiForgeryToken()
    @Html.ValidationSummary(true)
    @Html.LabelFor(m => m._UserName)
    @Html.TextBoxFor(m => m._UserName, new { id = "u1"})

    @Html.LabelFor(m => m._Password)
    @Html.PasswordFor(m => m._Password, new { id = "p1"})

    <input type="button" id="id_login_submit" value="Login" />
}


   [HttpPost]
    [ValidateAntiForgeryToken]
    public JsonResult ProcessLoginRequest(LoginModel model)
    {
        string returnString = null;
      if (ModelState.IsValid && WebSecurity.Login(model._UserName, model._Password, persistCookie: true))
        {
            returnString = "user is authenticated";
        }
        else
        { returnString = "Message from loginProcess"; }
        return Json(returnString, JsonRequestBehavior.AllowGet);
    }

问题是您没有在请求中包含验证令牌:

var _authetication_Data = { _UserName: $('#u1').val(),  _Password: $('#p1').val(), __RequestVerificationToken: $('[name=__RequestVerificationToken]').val(); }
这就是

我使用代码的方式 

<script type="text/javascript">
$(document).ready(function (options) {
    $('#id_login_submit').click(function () {
        var token = $('input[name=__RequestVerificationToken]').val();
      //var token = $('input[name=__RequestVerificationToken]').val()+"999999";
     //   alert("token :: "+token);
        var _authetication_Data = { _UserName: $('#u1').val(), _Password: $('#p1').val(), "__RequestVerificationToken": token }

            $.ajax({
                type: "POST",
                url: "/Account/ProcessLoginRequest",
                data: JSON.stringify({ model: _authetication_Data }),
                dataType: "json",
                contentType: "application/json; charset=utf-8",
                success: function (response) {
                    alert(response);
                }
            });
    });
});

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium