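MVC - Anti-forgery token error
I have been brought onto my first MVC and C# project, so I would greatly appreciate any guidance.
I created a new feature that checks at login whether the user has taken security training. If the user has not taken security training, the user is directed to a training page where they simply agree/disagree with the rules. If the user agrees, the login completes. If the user disagrees, he/she is logged off.
My problem is that when I select the agree/disagree button in the training view, I get the following
It should route me to the home page or log the user off.
Controller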
public ActionResult UserSecurityTraining(int ID, string returnUrl)
{
    // check if user already has taken training (e.g., is UserInfoID in UserSecurityTrainings table)
    var accountUser = db.UserSecurityTraining.Where(x => x.UserInfoID == ID).Count();
    // If user ID is not in UserSecurityTraining table...
    if (accountUser == 0)
    {
        // prompt security training for user
        return View("UserSecurityTraining");
    }
    // If user in UserSecurityTraining table...
    if (accountUser > 0)
    {
        return RedirectToLocal(returnUrl);
    }
    return View();
}

[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public async Task<ActionResult> UserSecurityTrainingConfirm(FormCollection form, UserSecurityTraining model)
{
    if (ModelState.IsValid)
    {
        if (form["accept"] != null)
        {
            try
            {
                // if success button selected
                //UserSecurityTraining user = db.UserSecurityTraining.Find(); //Create model object
                //var user = new UserSecurityTraining { ID = 1, UserInfoID = 1, CreatedDt = 1 };
                logger.Info("User has successfully completed training" + model.UserInfoID);
                model.CreatedDt = DateTime.Now;
                db.SaveChanges();
                //return RedirectToAction("ChangePassword", "Manage");
            }
            catch (Exception e)
            {
                throw e;
            }
            return View("SecurityTrainingSuccess");
        }
        if(form["reject"] != null)
        {
            return RedirectToAction("Logoff", "Account");
        }
    }
    return View("UserSecurityTraining");
}
View
@model ECHO.Models.UserSecurityTraining
@{
    ViewBag.Title = "Security Training";
    Layout = "~/Views/Shared/_LayoutNoSidebar.cshtml";
}
<!--<script src="~/Scripts/RequestAccess.js"></script>-->
<div class="container body-content">
    <h2>@ViewBag.Title</h2>
    <div class="row">
        <div class="col-md-8">
            @using (Html.BeginForm("UserSecurityTrainingConfirm", "Account", FormMethod.Post, new { role = "form" }))
            {
                <fieldset>
                    @Html.AntiForgeryToken()
                    Please view the following security training slides:<br><br>
                    [INSERT LINK TO SLIDES]<br><br>
                    Do you attest that you viewed, understood, and promise to follow the guidelines outlined in the security training?<br><br>
                    <input type="submit" id="accept" class="btn btn-default" value="Accept" />
                    <input type="submit" id="reject" class="btn btn-default" value="Reject" />
                </fieldset>
            }
        </div><!--end col-md-8-->
    </div><!--end row-->
</div><!-- end container -->
@section Scripts {
    @Scripts.Render("~/bundles/jqueryval")
}
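Unless you are returning an invalid model, you should only return 'RedirectToAction' from an HTTP POST controller action method. For example, to maintain a proper PRG (Post, Redirect, Get) pattern, this line 'return View("SecurityTrainingSuccess");' should be this line 'return RedirectToAction("SecurityTrainingSuccess");'. MVC relies heavily on you following PRG correctly, or things get really funky. – Tommy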
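
The Post/Redirect/Get flow described in Tommy's comment, as an added example that is not code from the question or from the commenter. `TrainingController`, `ITrainingStore`, the `decision` parameter (which assumes both submit buttons carry `name="decision"` with values `accept` and `reject`) and the `SecurityTrainingSuccess` GET action are hypothetical; it assumes ASP.NET MVC 5 and a user who is already authenticated when the form is posted.

```csharp
using System;
using System.Web.Mvc;

// Hypothetical storage abstraction; the question's db context is not shown in full.
public interface ITrainingStore
{
    void RecordCompletion(string userName, DateTime completedAt);
}

public class TrainingController : Controller
{
    private readonly ITrainingStore _store;

    public TrainingController(ITrainingStore store) { _store = store; }

    // GET: renders the form, which emits the token via @Html.AntiForgeryToken().
    [HttpGet]
    public ActionResult UserSecurityTraining()
    {
        return View("UserSecurityTraining");
    }

    // POST: the token is validated before the action body runs.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult UserSecurityTrainingConfirm(string decision)
    {
        if (!ModelState.IsValid)
        {
            // Invalid model: the one case where the POST re-renders the view.
            return View("UserSecurityTraining");
        }
        if (decision == "accept")
        {
            // Assumption: identity comes from the session, not from a posted field.
            _store.RecordCompletion(User.Identity.Name, DateTime.Now);
            // Redirect so that refreshing the success page does not re-submit the form.
            return RedirectToAction("SecurityTrainingSuccess");
        }
        // Same target as the question's reject branch.
        return RedirectToAction("Logoff", "Account");
    }

    // GET: target of the redirect; safe to reload or bookmark.
    [HttpGet]
    public ActionResult SecurityTrainingSuccess()
    {
        return View("SecurityTrainingSuccess");
    }
}
```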