antiforgerytoken | 易学教程

How can I supply an AntiForgeryToken when posting JSON data using $.ajax?

阅读更多关于 How can I supply an AntiForgeryToken when posting JSON data using $.ajax?

I am using the code as below of this post: First I will fill an array variable with the correct values for the controller action. Using the code below I think it should be very straightforward by just adding the following line to the JavaScript code: data["__RequestVerificationToken"] = $('[name=__RequestVerificationToken]').val(); The <%= Html.AntiForgeryToken() %> is at its right place, and the action has a [ValidateAntiForgeryToken] But my controller action keeps saying: "Invalid forgery token" What am I doing wrong here? Code data["fiscalyear"] = fiscalyear; data["subgeography"] = $(list)

Troubleshooting anti-forgery token problems

阅读更多关于 Troubleshooting anti-forgery token problems

问题 I have a form post that consistently gives me an anti-forgery token error. Here is my form: @using (Html.BeginForm()) { @Html.AntiForgeryToken() @Html.EditorFor(m => m.Email) @Html.EditorFor(m => m.Birthday) <p> <input type=\"submit\" id=\"Go\" value=\"Go\" /> </p> } Here is my action method: [HttpPost] [ValidateAntiForgeryToken] public ActionResult Join(JoinViewModel model) { //a bunch of stuff here but it doesn\'t matter because it\'s not making it here } Here is the machineKey in web

How can I supply an AntiForgeryToken when posting JSON data using $.ajax?

阅读更多关于 How can I supply an AntiForgeryToken when posting JSON data using $.ajax?

问题 I am using the code as below of this post: First I will fill an array variable with the correct values for the controller action. Using the code below I think it should be very straightforward by just adding the following line to the JavaScript code: data[\"__RequestVerificationToken\"] = $(\'[name=__RequestVerificationToken]\').val(); The <%= Html.AntiForgeryToken() %> is at its right place, and the action has a [ValidateAntiForgeryToken] But my controller action keeps saying: \"Invalid

jQuery Ajax calls and the Html.AntiForgeryToken()

阅读更多关于 jQuery Ajax calls and the Html.AntiForgeryToken()

问题 I have implemented in my app the mitigation to CSRF attacks following the informations that I have read on some blog post around the internet. In particular these post have been the driver of my implementation Best Practices for ASP.NET MVC from the ASP.NET and Web Tools Developer Content Team Anatomy of a Cross-site Request Forgery Attack from Phil Haack blog AntiForgeryToken in the ASP.NET MVC Framework - Html.AntiForgeryToken and ValidateAntiForgeryToken Attribute from David Hayden blog