问题
I have an MVC 3 view with the following code:-
@using (Html.BeginForm(MVC.Order.SearchResults(), FormMethod.Get))
{
@Html.AntiForgeryToken()
@Html.Button("btnSearch", "Search", HtmlButtonType.Submit, null, new { @class = "button primary icon search", alt = "Search the orders (up to 50 characters)" }
}
When I post the form I see the __RequestVerificationToken= and the contents of the verifcation token within the querystring.
Any ideas why this may be the case and how to sort it?
回答1:
Anti forgery token work only with POST requests. If you want to use them you need to change the verb used of the form to POST instead of GET:
@using (Html.BeginForm(MVC.Order.SearchResults(), FormMethod.Post))
{
@Html.AntiForgeryToken()
@Html.Button("btnSearch", "Search", HtmlButtonType.Submit, null, new { @class = "button primary icon search", alt = "Search the orders (up to 50 characters)" }
}
回答2:
There is a workaround how you can pass antiforegy value through GET method or even in headers. More details here.
来源:https://stackoverflow.com/questions/8473917/mvc-antiforgery-requestvalidation-token-appearing-in-querystring