
我參考了下面的鏈接，在我的 web 應用程序中實現防僞（anti-forgery）驗證，但出現錯誤：無法在 filterContext 中找到防僞標記（anti-forgery token）。

link

// POST to "sampleapp" through the jQuery anti-forgery wrapper; the success
// handler is intentionally a no-op. No error/complete handler is wired, so a
// rejected request (non-2xx) is silently ignored by this client.
$.ajaxAntiForgery({
    url: "sampleapp",
    type: "POST",
    cache: false,
    // contentType and processData are both false, so jQuery sends the request
    // body untouched (the usual setting for a FormData body) and does not build
    // a form-encoded string itself.
    // NOTE(review): with these two options the wrapper may not be able to append
    // the __RequestVerificationToken field to the body, which would explain a
    // "token not found" error on the server — confirm how $.ajaxAntiForgery attaches it.
    contentType: false,
    processData: false,
    success: function (result) { }
});

我按照文檔所述做了設置，但在後端（code-behind）代碼中，下面這個類在處理防僞令牌時拋出了錯誤。

/// <summary>
/// Base controller that runs the stock MVC anti-forgery (CSRF) check for every action
/// of a derived controller, but only for the HTTP verbs handed to the constructor.
/// </summary>
public abstract class BaseController : Controller 
{ 
    // Verbs that must carry a valid anti-forgery token (normally the state-changing ones).
    private readonly AcceptVerbsAttribute _verbs; 

    // The stock validator: it expects the token in the posted form field plus the cookie.
    private readonly ValidateAntiForgeryTokenAttribute _validator; 

    /// <param name="verbs">HTTP verbs for which the anti-forgery token is mandatory.</param>
    protected BaseController (HttpVerbs verbs) 
    { 
        _validator = new ValidateAntiForgeryTokenAttribute(); 
        _verbs = new AcceptVerbsAttribute(verbs); 
    } 

    /// <summary>
    /// Runs the normal authorization pipeline first and then, when the request's
    /// effective verb is one of the configured verbs, the anti-forgery validator.
    /// The effective verb comes from GetHttpMethodOverride(), so a POST carrying an
    /// X-HTTP-Method-Override is judged by the verb it claims to be.
    /// </summary>
    protected override void OnAuthorization(AuthorizationContext filterContext) 
    { 
        base.OnAuthorization(filterContext); 

        string effectiveVerb = filterContext.HttpContext.Request.GetHttpMethodOverride(); 
        bool tokenRequired = _verbs.Verbs.Any( 
            v => string.Equals(v, effectiveVerb, StringComparison.OrdinalIgnoreCase)); 
        if (!tokenRequired) 
        { 
            return; 
        } 

        // NOTE(review): ValidateAntiForgeryTokenAttribute reads the form field, not a
        // header; a client that sends the token only in a header will be rejected here.
        _validator.OnAuthorization(filterContext); 
    } 
} 

回答


試着改用下面這個屬性（attribute）來代替：它會根據請求是否為 AJAX 請求，分別從請求頭或標準表單字段中讀取令牌進行校驗。

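/// <summary>
/// Authorization filter that enforces the ASP.NET anti-forgery (CSRF) check for both
/// classic form posts and AJAX calls. For AJAX requests the token is read from the
/// request header named by <see cref="VariableTokenKey"/> and paired with the
/// anti-forgery cookie; all other requests go through the standard form-field check.
/// A failed check short-circuits the action with HTTP 403 (JSON body for AJAX, the
/// "Error" view otherwise).
/// </summary>
[AttributeUsage(AttributeTargets.Method | AttributeTargets.Class, AllowMultiple = false, Inherited = true)] 
public class ValidateTokenAttribute : FilterAttribute, IAuthorizationFilter 
{ 
    /// <summary>Name of the request header that carries the anti-forgery token on AJAX calls.</summary>
    public string VariableTokenKey = "__RequestVerificationToken"; 

    /// <summary>
    /// Validates the request's anti-forgery token.
    /// Only <see cref="HttpAntiForgeryException"/> is treated as "token missing/invalid".
    /// Any other exception (e.g. a misconfiguration) is a real fault and propagates, which
    /// still denies the action but no longer disguises the fault as a missing token.
    /// </summary>
    /// <exception cref="ArgumentNullException"><paramref name="filterContext"/> is null.</exception>
    public void OnAuthorization(AuthorizationContext filterContext) 
    { 
        if (filterContext == null) 
        { 
            throw new ArgumentNullException("filterContext"); 
        } 

        var request = filterContext.HttpContext.Request; 
        try 
        { 
            if (request.IsAjaxRequest()) 
            { 
                this.ValidateRequestHeader(request); 
            } 
            else 
            { 
                // Standard check: form field + cookie. 
                AntiForgery.Validate(); 
            } 
        } 
        catch (HttpAntiForgeryException) 
        { 
            InvalidRequest(filterContext, "103", "", "Token not found."); 
        } 
    } 

    /// <summary>
    /// AJAX path: takes the token from the <see cref="VariableTokenKey"/> header and the
    /// session token from the anti-forgery cookie and hands both to
    /// <c>AntiForgery.Validate(cookieToken, formToken)</c>. A missing header or cookie is
    /// passed through as null so that Validate itself rejects it with
    /// <see cref="HttpAntiForgeryException"/>; no decision is made here.
    /// </summary>
    private void ValidateRequestHeader(HttpRequestBase request) 
    { 
        string headerToken = request.Headers[this.VariableTokenKey]; 
        string cookieToken = null; 
        if (!string.IsNullOrEmpty(headerToken)) 
        { 
            var antiForgeryCookie = request.Cookies[AntiForgeryConfig.CookieName]; 
            if (antiForgeryCookie != null) 
            { 
                cookieToken = antiForgeryCookie.Value; 
            } 
        } 

        // Validate rejects null/empty values, so a missing header or cookie fails here too. 
        AntiForgery.Validate(cookieToken, headerToken); 
    } 

    /// <summary>
    /// Short-circuits the request with HTTP 403 and an error payload. The status is set
    /// explicitly: a rejection served as 200 is indistinguishable from success to AJAX
    /// callers, proxies and monitoring. (sMessage is kept for signature compatibility
    /// and is not used.)
    /// </summary>
    private void InvalidRequest(AuthorizationContext filterContext, string errorCode, string sMessage, string eMessage) 
    { 
        // 403 Forbidden: the caller is not allowed to perform this action without a valid token. 
        filterContext.HttpContext.Response.StatusCode = 403; 

        if (filterContext.HttpContext.Request.IsAjaxRequest()) 
        { 
            // AllowGet is deliberate: the payload carries no sensitive data and the rejected 
            // request may itself be a GET; DenyGet would turn the rejection into an exception. 
            filterContext.Result = new JsonResult 
            { 
                Data = new { ErrorCode = errorCode, Message = eMessage }, 
                JsonRequestBehavior = JsonRequestBehavior.AllowGet 
            }; 
        } 
        else 
        { 
            var viewData = new ViewDataDictionary 
            { 
                { "ShortMessage", "Access denied." }, 
                { "Message", "Anti forgery token not found." } 
            }; 
            filterContext.Result = new ViewResult { MasterName = "", ViewName = "Error", ViewData = viewData }; 
        } 
    } 
} 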

你能幫我理解一下我貼出的代碼有什麼問題嗎？ –


@Ammu - 你貼出的代碼不足以判斷問題出在哪裡。如果你能把整個類（class）貼出來，我就可以指出是哪一部分出了問題。我按照你引用的鏈接已經能成功構建並運行。 –


我已經把完整的代碼更新到問題中了。請告訴我是否需要修改。 –
