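Using AXIOS and ValidateAntiForgeryToken

I am trying to use Axios to call, from my UI, a controller method marked with [ValidateAntiForgeryToken].

I have already called the same action successfully using jQuery ajax.

The working AJAX code.

First, I get the token from the form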

    var addAntiForgeryToken = function (data) {
        // Copy the token from the form's hidden input into the request data
        data.__RequestVerificationToken = $("[name='__RequestVerificationToken']").val();
        return data;
    };

and then I call my method

    $.ajax({
        type: "POST",
        url: "http://localhost:40428/controller/action",
        data: addAntiForgeryToken({}),
        success: function (response) {
        }
    });

The above successfully calls the following method in my controller

    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult Test_Get()
    {
        ViewBag.Search = true;
        return View("Index");
    }

What I have tried with axios is the following

    axios({
        method: 'post',
        url: 'http://localhost:40428/Meeting_Notes/Test_Get',
        data: addAntiForgeryToken({})
    });

I have also tried setting the headers manually, but it still does not work.

wqsvse answered: Using AXIOS and ValidateAntiForgeryToken

After some searching, I found a simple solution. First, create the controller and decorate it with HttpPost and ValidateAntiForgeryToken

    [HttpPost]
    [ValidateAntiForgeryToken]
    public void Test_Axios(int id) { }

Then, before calling the controller with axios, add the following interceptor for the header. This defines the header as a default header for all axios API calls

    axios.defaults.headers.common['X-Requested-With'] = 'XMLHttpRequest';

Then retrieve the token

    var token = document.querySelector('token,input').getAttribute('value');

Then use the qs library to stringify the call with the token (note: it is Qs, not qs!)

    var request = Qs.stringify({ id: 22, __RequestVerificationToken: token });

If you do not want to pass any parameters, you can use the following

    var request = Qs.stringify({ __RequestVerificationToken: token });

Then simply call the controller method

You're done! Now you can start calling MVC 5 controllers decorated with the [ValidateAntiForgeryToken] attribute.
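An added example, not part of the original question or answer, showing why the form-encoded body matters: MVC 5's [ValidateAntiForgeryToken] looks for `__RequestVerificationToken` among the posted form fields, while axios serializes a plain object as JSON by default. The function names, the `/Meeting_Notes/Test_Axios` path, the token value and the stub document are assumptions made for illustration, and the built-in `URLSearchParams` stands in for `Qs.stringify`.

```javascript
// Added example: names, URL and token value below are constructed for illustration.
const TOKEN_FIELD = '__RequestVerificationToken';

// Read the hidden input that the anti-forgery helper renders into the form.
function readAntiForgeryToken(doc) {
  const input = doc.querySelector(`input[name="${TOKEN_FIELD}"]`);
  if (!input) throw new Error('anti-forgery token input not found on the page');
  return input.getAttribute('value');
}

// Build an axios request config whose body is form-encoded, like jQuery's.
// URLSearchParams stands in for Qs.stringify from the answer.
function buildFormPost(url, token, fields = {}) {
  const body = new URLSearchParams({ ...fields, [TOKEN_FIELD]: token });
  return {
    method: 'post',
    url,
    data: body.toString(),
    headers: {
      'Content-Type': 'application/x-www-form-urlencoded',
      'X-Requested-With': 'XMLHttpRequest',
    },
  };
}

// Simplified model of the server side: form fields exist only for a
// form-encoded body, so a JSON body yields no token field at all.
function formFieldsSeenByServer(contentType, body) {
  if (!/^application\/x-www-form-urlencoded\b/i.test(contentType)) return {};
  return Object.fromEntries(new URLSearchParams(body));
}

// Constructed stand-in for `document`, so the example runs outside a browser.
const sampleDoc = {
  querySelector: (sel) => sel.includes(TOKEN_FIELD)
    ? { getAttribute: () => 'constructed+token/value==' } : null,
};

const token = readAntiForgeryToken(sampleDoc);
const good = buildFormPost('/Meeting_Notes/Test_Axios', token, { id: 22 });
// What axios sends by default for a plain object: a JSON body.
const bad = { contentType: 'application/json', body: JSON.stringify({ [TOKEN_FIELD]: token }) };

console.log(formFieldsSeenByServer(good.headers['Content-Type'], good.data));
console.log(formFieldsSeenByServer(bad.contentType, bad.body));
// In the browser: axios(buildFormPost(url, readAntiForgeryToken(document), { id: 22 }));
```

The token contains `+`, `/` and `=` on purpose: these must be percent-encoded in the body, which `URLSearchParams` (like Qs) does, or the server receives a different token value.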
