Javascript 带有JSON.Stringify的ASP.NET Core 2.2 AntiForgeryToken_Javascript_Jquery_Asp.net_Asp.net Core

Javascript 带有JSON.Stringify的ASP.NET Core 2.2 AntiForgeryToken

javascript jquery asp.net asp.net-core

Javascript 带有JSON.Stringify的ASP.NET Core 2.2 AntiForgeryToken,javascript,jquery,asp.net,asp.net-core,Javascript,Jquery,Asp.net,Asp.net Core,我的服务器上有一个具有ValidateAntiForgeryToken属性的控制器 [HttpPost] [ValidateAntiForgeryToken] public ActionResult GetHistory([FromBody] ChatMessageGetHistoryViewModel Input) { var userName = HttpContext.User.Claims.Where(c => c.Type == "UserName").Select(c

我的服务器上有一个具有ValidateAntiForgeryToken属性的控制器

[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult GetHistory([FromBody] ChatMessageGetHistoryViewModel Input)
{
     var userName = HttpContext.User.Claims.Where(c => c.Type == "UserName").Select(c => c.Value).SingleOrDefault();
     var history = chatMessageData.GetAllBySessionId(Input.SessionId, userName);
     var output = JsonConvert.SerializeObject(history);
     return Ok(output);
}

我尝试过这种方法，但到目前为止，我一直得到错误代码400。我已经尝试将反Forgery令牌作为表单数据的一部分，但这也不起作用

<script>
    $(document).ready(function () {
        var token = $('input[name="__RequestVerificationToken"]', $('#__AjaxAntiForgeryForm')).val();
        var SessionId = document.getElementById("Id").value;
        var form_data = {
            "SessionId": SessionId,
            __RequestVerificationToken: token,
        };
        $.ajax({
            url: "@Url.Action("GetHistory", @ViewContext.RouteData.Values["controller"].ToString())",
            method: "POST",
            data: JSON.stringify(form_data),
            contentType: "application/json",
            success: function (result) {
                console.log(result);
                var output = JSON.parse(result);
                for (var i = 0; i < output.length; i++) {
                    var p = document.createElement("span");
                    var q = document.createElement("li");
                    if (output[i].Mine == true) {
                        p.setAttribute("class", "Sender Me");
                        q.setAttribute("class", "Message");
                    } else {
                        p.setAttribute("class", "Sender");
                        q.setAttribute("class", "Message");
                    }
                    p.textContent = output[i].Name + " - " + moment(output[i].CreatedOn).format("DD-MM-YYYY HH:mm:ss");
                    q.textContent = output[i].Message;
                    document.getElementById("MessageList").appendChild(p);
                    document.getElementById("MessageList").appendChild(q);
                }

            },
            error: function (error) {
                console.log(error);
            }
        });

        $('#MessageList').stop().animate({
            scrollTop: $('#MessageList')[0].scrollHeight
        }, 2000);
        return false;
    });
</script>

对于AJAX请求，您需要在请求头中设置令牌：默认情况下是RequestVerificationToken请求头

$.ajax({
    ...
    headers: {
        'RequestVerificationToken': token
    }
});

对于AJAX请求，您需要在请求头中设置令牌：默认情况下是RequestVerificationToken请求头

$.ajax({
    ...
    headers: {
        'RequestVerificationToken': token
    }
});

您必须将RequestVerificationToken作为标头与ajax请求一起传递，如下所示：

$.ajax({
        url: "@Url.Action("GetHistory", @ViewContext.RouteData.Values["controller"].ToString())",
        method: "POST",
        data: JSON.stringify(form_data),
        contentType: "application/json",
        headers: { 'RequestVerificationToken': token }, // here have to set the token
        success: function (result) {
            console.log(result);
            var output = JSON.parse(result);
            for (var i = 0; i < output.length; i++) {
                var p = document.createElement("span");
                var q = document.createElement("li");
                if (output[i].Mine == true) {
                    p.setAttribute("class", "Sender Me");
                    q.setAttribute("class", "Message");
                } else {
                    p.setAttribute("class", "Sender");
                    q.setAttribute("class", "Message");
                }
                p.textContent = output[i].Name + " - " + moment(output[i].CreatedOn).format("DD-MM-YYYY HH:mm:ss");
                q.textContent = output[i].Message;
                document.getElementById("MessageList").appendChild(p);
                document.getElementById("MessageList").appendChild(q);
            }

        },
        error: function (error) {
            console.log(error);
        }
    });

您必须将RequestVerificationToken作为标头与ajax请求一起传递，如下所示：

$.ajax({
        url: "@Url.Action("GetHistory", @ViewContext.RouteData.Values["controller"].ToString())",
        method: "POST",
        data: JSON.stringify(form_data),
        contentType: "application/json",
        headers: { 'RequestVerificationToken': token }, // here have to set the token
        success: function (result) {
            console.log(result);
            var output = JSON.parse(result);
            for (var i = 0; i < output.length; i++) {
                var p = document.createElement("span");
                var q = document.createElement("li");
                if (output[i].Mine == true) {
                    p.setAttribute("class", "Sender Me");
                    q.setAttribute("class", "Message");
                } else {
                    p.setAttribute("class", "Sender");
                    q.setAttribute("class", "Message");
                }
                p.textContent = output[i].Name + " - " + moment(output[i].CreatedOn).format("DD-MM-YYYY HH:mm:ss");
                q.textContent = output[i].Message;
                document.getElementById("MessageList").appendChild(p);
                document.getElementById("MessageList").appendChild(q);
            }

        },
        error: function (error) {
            console.log(error);
        }
    });