
My controller throws the error

The required anti-forgery form field "__RequestVerificationToken" is not present.

But this is exactly what I am doing:

  1. Log in with a test user

View

@model LoginModel

@using (Html.BeginForm(new { ReturnUrl = ViewBag.ReturnUrl }))
{
    @* Renders the hidden __RequestVerificationToken field and sets the matching cookie *@
    @Html.AntiForgeryToken()
    @Html.ValidationSummary()

    <fieldset>
        <legend>Log in Form</legend>
        <ol>
            <li>
                @Html.LabelFor(m => m.UserName)
                @Html.TextBoxFor(m => m.UserName)
            </li>

            <li>
                @Html.LabelFor(m => m.Password)
                @Html.PasswordFor(m => m.Password)
            </li>

            <li>
                @Html.LabelFor(m => m.RememberMe)
                @Html.CheckBoxFor(m => m.RememberMe)
            </li>
        </ol>
        <input type="submit" value="Log in" />
    </fieldset>
}

Controller

[AllowAnonymous]
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult Login(LoginModel model, string returnUrl)
{
    if (ModelState.IsValid)
    {
        if (Membership.ValidateUser(model.UserName, model.Password))
        {
            FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);

            return RedirectToCreateUserProfile(model, returnUrl);
        }
        else
        {
            ModelState.AddModelError("", "The user name or password provided is incorrect.");
        }
    }

    // If we got this far, something failed; redisplay the form
    return View(model);
}
  2. Once authenticated, I am redirected to the home page

  3. Then I click a menu option to display my user profile, and I get the error above

LAYOUT VIEW (showing more code than needed, but I wanted to include the JS in case it is causing the problem)

<!DOCTYPE html>
<html>
    <head>
        <title>@ViewBag.Title</title>
        <link href="@Url.Content("~/Content/Site.css")" rel="stylesheet" type="text/css" />
        <link href="@Url.Content("~/Content/kendo/2013.2.918/kendo.common.min.css")" rel="stylesheet" type="text/css" />
        <link href="@Url.Content("~/Content/kendo/2013.2.918/kendo.dataviz.min.css")" rel="stylesheet" type="text/css" />
        <link href="@Url.Content("~/Content/kendo/2013.2.918/kendo.metro.min.css")" rel="stylesheet" type="text/css" />
        <link href="@Url.Content("~/Content/kendo/2013.2.918/kendo.dataviz.metro.min.css")" rel="stylesheet" type="text/css" />
        <script src="@Url.Content("~/Scripts/kendo/2013.2.918/jquery.min.js")"></script>
        <script src="@Url.Content("~/Scripts/kendo/2013.2.918/kendo.all.min.js")"></script>
        <script src="@Url.Content("~/Scripts/kendo/2013.2.918/kendo.aspnetmvc.min.js")"></script>
        <script src="@Url.Content("~/Scripts/kendo.modernizr.custom.js")"></script>
        <script type="text/javascript">

            var _gaq = _gaq || [];
            var pluginUrl =
           '//www.google-analytics.com/plugins/ga/inpage_linkid.js';
            _gaq.push(['_require', 'inpage_linkid', pluginUrl]);
            _gaq.push(['_setAccount', 'UA-44529127-1']);
            _gaq.push(['_trackPageview']);

            (function () {
                var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
                ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
                var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
            })();

        </script>

    </head>
    <body>
        <header>
            <div class="content-wrapper">
                <div class="float-left">
                    <p class="site-title">@Html.ActionLink("your logo here", "Index", "Home")</p>
                </div>
                <div class="float-right">
                    <section id="login">
                        @Html.Partial("_LoginPartial")
                    </section>
                    <nav>
                        <ul id="menu">
                            <li>@Html.ActionLink("Home", "Index", "Home")</li>
                            <li>@Html.ActionLink("About", "About", "Home")</li>
                            <li>@Html.ActionLink("Contact", "Contact", "Home")</li>
                            @if (User.IsInRole("Admin"))
                            {
                                <li>@Html.ActionLink("API", "Index", "Help", new { area = "" }, null)</li>                            
                            }
                        </ul>
                    </nav>                    
                </div>
            </div>
        </header>
        <div id="body">
            @if (Request.IsAuthenticated)
            {
            <ul id="IndexHomeMenu">
                @if (User.IsInRole("Admin"))
                {
                    <li>
                        Administration@*@Html.ActionLink("Administration", "Contact", "Home")*@
                        <ul>
                            <li>@Html.ActionLink("Manage Roles", "Index", "AdminView")</li>
                            <li>@Html.ActionLink("Manage Users", "Contact", "Home")</li>
                            <li>@Html.ActionLink("Inactive Reasons", "Index", "InactiveReasonView")</li>
                        </ul>
                    </li>
                }
                <li>
                    My Information
                    <ul>
                        <li>@Html.ActionLink("Profile", "EditByName", "UserView", new { UserName = User.Identity.Name }, new { @class = "selected" })</li>
                        <li>@Html.ActionLink("Phone Numbers", "Active", "PhoneNumberView",new {userName= User.Identity.Name },null)</li>
                        <li>@Html.ActionLink("Address's", "Active", "AddressView",new {userName= User.Identity.Name },null)</li>
                        @if (!User.IsInRole("Clients"))
                        {
                            <li>@Html.ActionLink("Subscription", "Index", "AdminView")</li>
                        }
                    </ul>
                </li>
            </ul>
            }
            @RenderBody()
        </div>
    </body>
</html>

I am clicking on

    @Html.ActionLink("Profile", "EditByName", "UserView", new { UserName = User.Identity.Name }, new { @class = "selected" })

Controller

// Note: this is a GET action (reached by the ActionLink above), so no form posts a token to it
[ValidateAntiForgeryToken]
public ActionResult EditByName(string userName)
{
    if (User.Identity.IsAuthenticated)
    {
        // Look up the authenticated user's own profile, not the one named in the URL
        UserModel usermodel = repository.Get(User.Identity.Name);
        if (usermodel == null)
        {
            // Route values must be an anonymous object; passing the bare string would not bind.
            // The "userName" route key is assumed to match the Create action's parameter.
            return RedirectToAction("Create", "UserView", new { userName = User.Identity.Name });
        }
        return View(usermodel);
    }
    else
    {
        return RedirectToAction("Login", controllerName: "AccountView");
    }
}

This is when the error happens. And I'm not sure what is missing; I am creating the token and it is on all the forms.

2 Answers

You are using [ValidateAntiForgeryToken] on a GET action (the EditByName action), while it is intended to handle POST actions.

See this question on the [ValidateAntiForgeryToken] purpose and this article explaining how to use it to prevent CSRF attacks.

Answered 2013-10-08 12:15:49

Remove [ValidateAntiForgeryToken] from the EditByName GET-action method.

Also, use the [Authorize] attribute instead of if (User.Identity.IsAuthenticated).

Can any user edit any profile as long as they know the username?

Answered 2013-10-08 12:14:00
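Putting both answers together, here is what the UserView controller looks like once the anti-forgery check is moved to the POST side, the manual IsAuthenticated test is replaced by [Authorize], and the profile is keyed on the authenticated identity rather than on the userName in the link. This is an added example, not code from the question or either answer. It assumes an ASP.NET MVC 4 project with the UserModel type and the repository.Get(...) call seen in the question; the IUserRepository interface, its Update method, the POST EditByName action and the route-value name userName on the Create action are hypothetical additions for illustration.

```csharp
using System.Web.Mvc;

public class UserViewController : Controller
{
    private readonly IUserRepository repository;

    public UserViewController(IUserRepository repository)
    {
        this.repository = repository;
    }

    // GET: /UserView/EditByName
    // [Authorize] replaces the manual User.Identity.IsAuthenticated check: unauthenticated
    // callers are redirected to the configured login URL before this method runs.
    // No [ValidateAntiForgeryToken] here: a GET is reached through a plain link, so there is
    // no form and no __RequestVerificationToken field to validate, which is exactly the
    // error the question hit.
    [Authorize]
    [HttpGet]
    public ActionResult EditByName()
    {
        // Load the profile of the authenticated user, never one named in the query string,
        // so a user cannot open or edit someone else's profile by changing the URL.
        UserModel usermodel = repository.Get(User.Identity.Name);
        if (usermodel == null)
        {
            // Route values go in an anonymous object; the key "userName" is assumed to
            // match the Create action's parameter.
            return RedirectToAction("Create", "UserView", new { userName = User.Identity.Name });
        }
        return View(usermodel);
    }

    // POST: /UserView/EditByName
    // The state-changing request is where the token belongs: the edit view renders
    // @Html.AntiForgeryToken() inside its form, and this attribute verifies that the posted
    // __RequestVerificationToken matches the anti-forgery cookie issued with that page.
    [Authorize]
    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult EditByName(UserModel model)
    {
        if (!ModelState.IsValid)
        {
            return View(model);
        }

        // Bind the update to the caller's own identity rather than trusting model.UserName
        // from the posted form.
        model.UserName = User.Identity.Name;
        repository.Update(model);
        return RedirectToAction("Index", "Home");
    }
}

// Hypothetical repository contract, named after the question's repository.Get(...) call.
public interface IUserRepository
{
    UserModel Get(string userName);
    void Update(UserModel model);
}
```

The GET action no longer takes a userName parameter at all; the layout's ActionLink can keep passing UserName = User.Identity.Name, but the value is ignored, which is what closes the "can any user edit any profile" hole the second answer points at. The anti-forgery pair (hidden field plus cookie) is only ever checked on the POST, where a forged cross-site request could actually change data.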