【问题标题】:ajax Post request with antiforgerytoken on .net core 2.2 / .net core 2.2 上带有 antiforgerytoken 的 ajax Post 请求
【发布时间】:2019-07-08 12:21:37
【问题描述】:

我有一个使用 ASP .Net Core 2.2 并启用了防伪令牌验证的 Web 项目。启用该验证之后，我所有的 AJAX POST 请求都不起作用了。有没有什么方法可以用最少的改动让这个 AJAX 请求正常执行？

// Plain registration POST from the question. No antiforgery token travels with
// it (neither as a form field nor as a header), so an action guarded by
// antiforgery validation will reject it.
$.ajax({
  type: 'POST',
  url: 'Register/RegisterNewUser',
  data: { Name: "John", Surname: "Doe", Email: "some@mail.com" },
  success: success,
  error: function(xhr, textStatus, errorThrown) { alert(errorThrown); }
});

【问题讨论】:

    标签: jquery asp.net asp.net-core asp.net-ajax


    【解决方案1】:

在 .NET Core 2.2 中，可以把防伪令牌放在请求标头里随 POST 请求一起发送，以通过 antiforgerytoken 验证：

         // Reads the request token that the server rendered into the hidden
         // __RequestVerificationToken input and sends it back in the
         // "RequestVerificationToken" header (ASP.NET Core's default header name),
         // so the body can stay a plain form-encoded object.
         $.ajax({
             type: 'POST',
             url: 'Register/RegisterNewUser',
             dataType: 'json',
             data: { Name: "John", Surname: "Doe", Email: "some@mail.com" },
             headers: {
                 RequestVerificationToken: $('input:hidden[name="__RequestVerificationToken"]').val()
             },
             success: success,
             error: function (xhr, textStatus, errorThrown) { alert(errorThrown); }
         });
    

    【讨论】:

      【解决方案2】:

      解决方案:

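      @using Microsoft.AspNetCore.Antiforgery
      @inject IAntiforgery Antiforgery
      @{
          // GetAndStoreTokens also writes the antiforgery cookie to the response;
          // GetTokens does not, so a visitor with no cookie yet would send a
          // request token the server has nothing to validate against.
          var requestToken = Antiforgery.GetAndStoreTokens(Context).RequestToken;
      }
      <!-- Some content -->
      ## Heading ##

      <script>
      $.ajax({
          type: 'POST',
          // The token must be emitted as a quoted JS string literal; rendered bare
          // (as in the original) it is not valid JavaScript.
          beforeSend: function (request) { request.setRequestHeader("RequestVerificationToken", '@requestToken'); },
          url: 'Register/RegisterNewUser',
          data: { Name: "John", Surname:"Doe",Email:"some@mail.com" },
          success: success,
          error: function (xhr, textStatus, errorThrown) { alert(errorThrown); }
      });
      </script>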
      

      【讨论】:

        【解决方案3】:

首先，你需要配置一个中间件：

        TestMiddleware.cs

        using System;
        using System.Collections.Generic;
        using System.IO;
        using System.Linq;
        using System.Text;
        using System.Threading.Tasks;
        using Microsoft.AspNetCore.Antiforgery;
        using Microsoft.AspNetCore.Builder;
        using Microsoft.AspNetCore.Http;
        using Microsoft.AspNetCore.Identity;
        
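        namespace Test.Middleware
        {
            /// <summary>
            /// Issues antiforgery tokens on every request and exposes the request token to
            /// client-side script through a readable "CSRF-TOKEN" cookie, so AJAX callers
            /// can echo it back in the configured antiforgery header.
            /// </summary>
            public class TestMiddleware
            {
                private readonly RequestDelegate _next;

                public TestMiddleware(RequestDelegate next)
                {
                    _next = next ?? throw new ArgumentNullException(nameof(next));
                }

                /// <summary>
                /// Stores the antiforgery cookie token and the readable request-token cookie on
                /// the response, then continues down the pipeline.
                /// </summary>
                /// <param name="httpContext">The current request context.</param>
                /// <param name="antiforgery">Antiforgery service, resolved per request.</param>
                /// <remarks>
                /// UseMiddleware binds these parameters by convention; the unused DbContext and
                /// UserManager parameters were dropped so they are no longer resolved per request.
                /// </remarks>
                public async Task InvokeAsync(HttpContext httpContext, IAntiforgery antiforgery)
                {
                    // The original call passed no arguments and did not compile.
                    SetAntiForgeryTokenCookie(httpContext, antiforgery);
                    // Move forward into the pipeline
                    await _next(httpContext);
                }

                private static void SetAntiForgeryTokenCookie(HttpContext httpContext, IAntiforgery antiforgery)
                {
                    // GetAndStoreTokens also writes the (HttpOnly) antiforgery cookie that the
                    // request token is validated against.
                    var tokens = antiforgery.GetAndStoreTokens(httpContext);
                    httpContext.Response.Cookies.Append("CSRF-TOKEN", tokens.RequestToken, new CookieOptions
                    {
                        // Must stay readable from script: the client copies it into the request header.
                        HttpOnly = false,
                        // Only same-origin script needs it, so never send it cross-site, and keep it
                        // off plain HTTP whenever the app is served over HTTPS.
                        SameSite = SameSiteMode.Strict,
                        Secure = httpContext.Request.IsHttps,
                    });
                }
            }

            /// <summary>Registration helper for <see cref="TestMiddleware"/>.</summary>
            public static class TestMiddlewareExtensions
            {
                /// <summary>Adds <see cref="TestMiddleware"/> to the pipeline at the call site.</summary>
                public static IApplicationBuilder UseTestMiddleware(this IApplicationBuilder builder)
                {
                    return builder.UseMiddleware<TestMiddleware>();
                }
            }
        }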
        

        Startup.cs

        using System;
        using System.Collections.Generic;
        using System.Linq;
        using System.Threading.Tasks;
        using Microsoft.AspNetCore.Antiforgery;
        using Microsoft.AspNetCore.Builder;
        using Microsoft.AspNetCore.Hosting;
        using Microsoft.AspNetCore.Http;
        using Microsoft.AspNetCore.HttpsPolicy;
        using Microsoft.AspNetCore.Identity;
        using Microsoft.EntityFrameworkCore;
        using Microsoft.Extensions.Configuration;
        using Microsoft.Extensions.DependencyInjection;
        using Microsoft.Extensions.Hosting;
        using Test.Middleware;
        
        namespace Test
        {
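            /// <summary>
            /// Conventional ASP.NET Core startup: registers MVC, EF Core, Identity and
            /// antiforgery, then builds the request pipeline.
            /// </summary>
            public class Startup
            {
                public Startup(IConfiguration configuration)
                {
                    Configuration = configuration;
                }

                public IConfiguration Configuration { get; }

                /// <summary>Registers application services. Called by the host by convention.</summary>
                public void ConfigureServices(IServiceCollection services)
                {
                    services.AddControllersWithViews();

                    services.AddDbContext<AppDbContext>(options =>
                        options.UseSqlServer(Configuration.GetConnectionString("Database"), b => b.MigrationsAssembly("Test")));

                    services.AddIdentity<User, Role>()
                        .AddEntityFrameworkStores<AppDbContext>()
                        .AddDefaultTokenProviders();

                    services.Configure<IdentityOptions>(options =>
                    {
                        // Password settings
                        options.Password.RequireDigit = true;
                        options.Password.RequiredLength = 8;
                        options.Password.RequireNonAlphanumeric = false;
                        options.Password.RequireUppercase = true;
                        options.Password.RequireLowercase = false;
                        options.Password.RequiredUniqueChars = 6;
                        // Lockout settings
                        options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(30);
                        options.Lockout.MaxFailedAccessAttempts = 10;
                        options.Lockout.AllowedForNewUsers = true;
                        // User settings
                        options.User.RequireUniqueEmail = true;
                    });
                    services.ConfigureApplicationCookie(options =>
                    {
                        // Cookie settings
                        options.Cookie.HttpOnly = true;
                        options.ExpireTimeSpan = TimeSpan.FromMinutes(480);
                        options.LoginPath = "/Account/Login";
                        options.AccessDeniedPath = "/Account/AccessDenied";
                        options.SlidingExpiration = true;
                    });
                    services.AddAntiforgery(options =>
                    {
                        // Antiforgery settings: this header name must match the one the
                        // client-side script sends the request token in.
                        options.HeaderName = "X-CSRF-TOKEN";
                    });
                }

                /// <summary>
                /// Builds the request pipeline. Called by the host by convention; the unused
                /// IAntiforgery parameter of the original signature was dropped.
                /// </summary>
                public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
                {
                    if (env.IsDevelopment())
                    {
                        app.UseDeveloperExceptionPage();
                    }
                    else
                    {
                        app.UseExceptionHandler("/Home/Error");
                        app.UseHsts();
                    }

                    app.UseHttpsRedirection();
                    app.UseStaticFiles();

                    app.UseRouting();
                    app.UseAuthentication();
                    app.UseAuthorization();

                    // After UseAuthentication() so token generation sees the authenticated
                    // principal, and before the endpoints so every routed request gets a cookie.
                    app.UseTestMiddleware();
                    app.UseEndpoints(endpoints =>
                    {
                        endpoints.MapControllerRoute(
                            name: "default",
                            pattern: "{controller=Home}/{action=Index}/{id?}");
                    });
                }
            }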
        }
        

        script.js

        /**
         * Posts the given user id to Account/Save as JSON, echoing the server-issued
         * CSRF-TOKEN cookie back in the X-CSRF-TOKEN header. The header name has to
         * match the antiforgery HeaderName configured on the server.
         * @param {string|number} userId - value sent as UserId
         */
        self.saveSurvey = function (userId) {
            var token = self.getCookie("CSRF-TOKEN");
            var payload = { UserId: userId };

            $.ajax({
                type: "POST",
                url: "Account/Save",
                data: JSON.stringify(payload),
                cache: false,
                contentType: "application/json; charset=utf-8",
                dataType: 'json',
                headers: { "X-CSRF-TOKEN": token },
                success: function (viewModel) { console.log("Eureka!"); },
                error: function (error) { console.log("Not Eureka!"); }
            });
        };
        

        【讨论】:
