Orchardcms 如何使Orchard CMS使用AntiForgeryToken?
使用Orchard CMS 1.4.2,我在自定义模块中发布表单时遇到问题 以下是我的看法:Orchardcms 如何使Orchard CMS使用AntiForgeryToken?,orchardcms,csrf,Orchardcms,Csrf,使用Orchard CMS 1.4.2,我在自定义模块中发布表单时遇到问题 以下是我的看法: @model ProfileEntity <h2>My Profile</h2> @using (Html.BeginForm("Update", "Home", FormMethod.Post)) { @Html.AntiForgeryToken() @Html.LabelFor(m => m.FirstName) @Html.EditorF
@model ProfileEntity
<h2>My Profile</h2>
@using (Html.BeginForm("Update", "Home", FormMethod.Post))
{
@Html.AntiForgeryToken()
@Html.LabelFor(m => m.FirstName)
@Html.EditorFor(m => m.FirstName)
@Html.LabelFor(m => m.MiddleNames)
@Html.EditorFor(m => m.MiddleNames)
@Html.LabelFor(m => m.Surname)
@Html.EditorFor(m => m.Surname)
<input type="submit" value="Save Profile"/>
}
当我尝试发布此表单时,我遇到一个例外:
[HttpAntiForgeryException (0x80004005): A required anti-forgery token was not supplied or was invalid.]
System.Web.Helpers.AntiForgeryWorker.Validate(HttpContextBase context, String salt) +121176
System.Web.Helpers.AntiForgery.Validate(HttpContextBase httpContext, String salt) +45
System.Web.Mvc.ValidateAntiForgeryTokenAttribute.OnAuthorization(AuthorizationContext filterContext) +68
System.Web.Mvc.ControllerActionInvoker.InvokeAuthorizationFilters(ControllerContext controllerContext, IList`1 filters, ActionDescriptor actionDescriptor) +102
System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName) +343
System.Web.Mvc.Controller.ExecuteCore() +116
System.Web.Mvc.ControllerBase.Execute(RequestContext requestContext) +97
System.Web.Mvc.ControllerBase.System.Web.Mvc.IController.Execute(RequestContext requestContext) +10
System.Web.Mvc.<>c__DisplayClassb.<BeginProcessRequest>b__5() +37
System.Web.Mvc.Async.<>c__DisplayClass1.<MakeVoidDelegate>b__0() +21
System.Web.Mvc.Async.<>c__DisplayClass8`1.<BeginSynchronous>b__7(IAsyncResult _) +12
System.Web.Mvc.Async.WrappedAsyncResult`1.End() +62
System.Web.Mvc.<>c__DisplayClasse.<EndProcessRequest>b__d() +50
System.Web.Mvc.SecurityUtil.<GetCallInAppTrustThunk>b__0(Action f) +7
System.Web.Mvc.SecurityUtil.ProcessInApplicationTrust(Action action) +22
System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult) +60
System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.EndProcessRequest(IAsyncResult result) +9
Orchard.Mvc.Routes.HttpAsyncHandler.EndProcessRequest(IAsyncResult result) in D:\Visual Studio Projects\ESW_EAPExchange\Orchard\src\Orchard\Mvc\Routes\ShellRoute.cs:147
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +8970061
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +184
而不是
@Html.AntiForgeryToken()
(我不确定有什么区别)
但是它给出了同样的错误。看看现有模块代码中几十个示例中的一个
@using (Html.BeginFormAntiForgeryPost())
@Html.AntiForgeryToken()
@using (Html.BeginFormAntiForgeryPost())