我有使用 JSON.stringify 将数据发布到控制器类的 jQuery 代码,但是当我使用 AntiForgeryToken 时,它不起作用.. 有更好的方法来保护 JSON 发布,否则我错过了一些东西....
其次,我是否需要额外的......即加密以保护 JSON 数据......
非常感谢您在高级...
<script type="text/javascript">
$(document).ready(function () {
$('#id_login_submit').click(function () {
var _authetication_Data = { _UserName: $('#u1').val(), _Password: $('#p1').val() }
$.ajax({
type: "POST",
url: "/Account/ProcessLoginRequest",
data: JSON.stringify({ model: _authetication_Data }),
dataType: "json",
contentType: "application/json; charset=utf-8",
success: function (response) {
alert(response);
}
});
});
});
</script>
@using (Html.BeginForm())
{
@Html.AntiForgeryToken()
@Html.ValidationSummary(true)
@Html.LabelFor(m => m._UserName)
@Html.TextBoxFor(m => m._UserName, new { id = "u1"})
@Html.LabelFor(m => m._Password)
@Html.PasswordFor(m => m._Password, new { id = "p1"})
<input type="button" id="id_login_submit" value="Login" />
}
[HttpPost]
[ValidateAntiForgeryToken]
public JsonResult ProcessLoginRequest(LoginModel model)
{
string returnString = null;
if (ModelState.IsValid && WebSecurity.Login(model._UserName, model._Password, persistCookie: true))
{
returnString = "user is authenticated";
}
else
{ returnString = "Message from loginProcess"; }
return Json(returnString, JsonRequestBehavior.AllowGet);
}