Fatal编程技术网
  • orchardcms/
  • Orchardcms 如何使Orchard CMS使用AntiForgeryToken?

Orchardcms 如何使Orchard CMS使用AntiForgeryToken?

orchardcms

Orchardcms 如何使Orchard CMS使用AntiForgeryToken?,orchardcms,csrf,Orchardcms,Csrf,使用Orchard CMS 1.4.2,我在自定义模块中发布表单时遇到问题 以下是我的看法: @model ProfileEntity <h2>My Profile</h2> @using (Html.BeginForm("Update", "Home", FormMethod.Post)) { @Html.AntiForgeryToken() @Html.LabelFor(m => m.FirstName) @Html.EditorF

使用Orchard CMS 1.4.2,我在自定义模块中发布表单时遇到问题

以下是我的看法:

@model ProfileEntity

<h2>My Profile</h2>

@using (Html.BeginForm("Update", "Home", FormMethod.Post))
{
    @Html.AntiForgeryToken()

    @Html.LabelFor(m => m.FirstName)
    @Html.EditorFor(m => m.FirstName)

    @Html.LabelFor(m => m.MiddleNames)
    @Html.EditorFor(m => m.MiddleNames)

    @Html.LabelFor(m => m.Surname)
    @Html.EditorFor(m => m.Surname)

    <input type="submit" value="Save Profile"/> 
}
当我尝试发布此表单时,我遇到一个例外:

[HttpAntiForgeryException (0x80004005): A required anti-forgery token was not supplied or was invalid.]
   System.Web.Helpers.AntiForgeryWorker.Validate(HttpContextBase context, String salt) +121176
   System.Web.Helpers.AntiForgery.Validate(HttpContextBase httpContext, String salt) +45
   System.Web.Mvc.ValidateAntiForgeryTokenAttribute.OnAuthorization(AuthorizationContext filterContext) +68
   System.Web.Mvc.ControllerActionInvoker.InvokeAuthorizationFilters(ControllerContext controllerContext, IList`1 filters, ActionDescriptor actionDescriptor) +102
   System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName) +343
   System.Web.Mvc.Controller.ExecuteCore() +116
   System.Web.Mvc.ControllerBase.Execute(RequestContext requestContext) +97
   System.Web.Mvc.ControllerBase.System.Web.Mvc.IController.Execute(RequestContext requestContext) +10
   System.Web.Mvc.<>c__DisplayClassb.<BeginProcessRequest>b__5() +37
   System.Web.Mvc.Async.<>c__DisplayClass1.<MakeVoidDelegate>b__0() +21
   System.Web.Mvc.Async.<>c__DisplayClass8`1.<BeginSynchronous>b__7(IAsyncResult _) +12
   System.Web.Mvc.Async.WrappedAsyncResult`1.End() +62
   System.Web.Mvc.<>c__DisplayClasse.<EndProcessRequest>b__d() +50
   System.Web.Mvc.SecurityUtil.<GetCallInAppTrustThunk>b__0(Action f) +7
   System.Web.Mvc.SecurityUtil.ProcessInApplicationTrust(Action action) +22
   System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult) +60
   System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.EndProcessRequest(IAsyncResult result) +9
   Orchard.Mvc.Routes.HttpAsyncHandler.EndProcessRequest(IAsyncResult result) in D:\Visual Studio Projects\ESW_EAPExchange\Orchard\src\Orchard\Mvc\Routes\ShellRoute.cs:147
   System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +8970061
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +184
而不是

@Html.AntiForgeryToken()
(我不确定有什么区别)

但是它给出了同样的错误。

看看现有模块代码中几十个示例中的一个

@using (Html.BeginFormAntiForgeryPost())

@Html.AntiForgeryToken()

@using (Html.BeginFormAntiForgeryPost())