2016-12-27 35 views
1

NullReferenceException shows for ValidateAntiForgeryToken in MVC 5

I am trying to save data using ajax in MVC 5. When I post the form data without @Html.AntiForgeryToken(), it works fine. But with @Html.AntiForgeryToken() it shows an "Object reference not set to an instance of an object" error. Here is my ajax code:

$.ajax({ 
    type: "POST", 
    url: "/Employees/Create", 
    data: data, 
    async: false, 
    success: function (result) { 
     if (result == 1) { 
      window.location.href = '/Employees'; 
     } 
     else { 
      $('#error-span').html('Error in insert.'); 
     } 
    }, 
    error: function() { 
     alert('Failed'); 
    } 
}); 

Here is my controller method:

[HttpPost] 
[ValidateAntiForgeryToken] 
public ActionResult Create([Bind(Include = "Address,JoinDate,DoB,Gender,BloodGroup,Email,LastName,FirstName,Mobile,UpdateDate,UpdatedBy,Status,EmployeeType,CreatedBy,CreateDate,DesignationId")] EmpDetail empDetail) 
{ 
    try 
    { 
     Regex rgx = new Regex("[^a-zA-Z0-9 - .]"); 
     empDetail.FirstName = CultureInfo.CurrentCulture.TextInfo.ToTitleCase(rgx.Replace(empDetail.FirstName, "").ToLower()).Trim(); 
     empDetail.LastName = CultureInfo.CurrentCulture.TextInfo.ToTitleCase(rgx.Replace(empDetail.LastName, "").ToLower()).Trim(); 
     empDetail.Email = empDetail.Email.ToLower().Trim(); 
     empDetail.UpdateDate = DateTime.Now; 
     empDetail.CreatedBy = 234; 
     empDetail.CreateDate = DateTime.Now; 
     empDetail.UpdatedBy = 234; 
     empDetail.Status = 1; 

     if (ModelState.IsValid) 
     { 
      db.EmpDetails.Add(empDetail); 
      db.SaveChanges(); 
      return Json(1); 
     } 
     else 
     { 
      return Json(2); 
     } 
    } 
    catch (Exception e) 
    { 
     return Json(e.Message); 
    } 
} 

Answer

1

This is happening because the data is being sent via JSON instead of HTML form data. You should try to pass the token in the headers. For example:

View:

<script> 
    @functions{ 
     public string TokenHeaderValue() 
     { 
      string cookieToken, formToken; 
      AntiForgery.GetTokens(null, out cookieToken, out formToken); 
      return cookieToken + ":" + formToken;     
     } 
    } 

    $.ajax("api/values", { 
     type: "post", 
     contentType: "application/json", 
     data: { }, // JSON data goes here 
     dataType: "json", 
     headers: { 
      'RequestVerificationToken': '@TokenHeaderValue()' 
     } 
    }); 
</script> 

Controller:

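// Requires: using System.Collections.Generic; using System.Linq;
//           using System.Net.Http; using System.Web.Helpers;
void ValidateRequestHeader(HttpRequestMessage request) 
{ 
    string cookieToken = ""; 
    string formToken = ""; 

    // The view sends both tokens in one header as "cookieToken:formToken".
    IEnumerable<string> tokenHeaders; 
    if (request.Headers.TryGetValues("RequestVerificationToken", out tokenHeaders)) 
    { 
     string[] tokens = tokenHeaders.First().Split(':'); 
     if (tokens.Length == 2) 
     { 
      cookieToken = tokens[0].Trim(); 
      formToken = tokens[1].Trim(); 
     } 
    } 
    // Throws if the tokens are missing or do not match, so a request
    // without the header is rejected.
    AntiForgery.Validate(cookieToken, formToken); 
} 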

Source: https://www.asp.net/web-api/overview/security/preventing-cross-site-request-forgery-csrf-attacks