Download the problem with authentication token and Html.AntiforgeryToken (the plugin does not send cookies)

Some time ago, I had a problem with the Uploadify plugin, for which I found the solution described in this.

The problem in this matter was largely due to the fact that Uploadify uses a flash plugin, and the Flash plugin does not transmit authentication cookies with server-side code.

The solution was to use a custom version of the Authorize attribute (the code was posted in this answer).

The [TokenizedAuthorize] attribute was placed on the controller class as follows:

[TokenizedAuthorize]
[CheckForActiveService]
public partial class DocumentController : BaseController
{
}

A few days ago, I added <%: Html.AntiForgeryToken() %> inside the form and [ValidateAntiForgeryToken] to the action method, as in the following example:

[HttpPost]
[ValidateAntiForgeryToken]
public virtual ActionResult Upload( HttpPostedFileBase fileData ) {
}

. , , TokenizedAuthorize code

return base.AuthorizeCore( httpContext );

, Elmah,

System.Web.Mvc.HttpAntiForgeryException: invalid or not specified anti forgery token

in System.Web.Mvc.ValidateAntiForgeryTokenAttribute.OnAuthorization(AuthorizationContext filterContext)
in System.Web.Mvc.ControllerActionInvoker.InvokeAuthorizationFilters(ControllerContext controllerContext, IList`1 filters, ActionDescriptor actionDescriptor)
in System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName)

, , , [ValidateAntiForgeryToken] ... , .

?

, __RequestVerificationToken , , <%: Html.AntiForgeryToken() %>

2:

, , [ValidateAntiForgeryToken] Post

3:

post ajax, uploadify, AntiForgeryToken post js,

$('#fileInput').uploadify({
    //other uploadify parameters removed for brevity
    scriptData: AddAntiForgeryToken({ AuthenticationToken: auth }),
});

AddAntiForgeryToken() - javascript, , ajax

<%-- used for ajax in AddAntiForgeryToken() --%>
<form id="__AjaxAntiForgeryForm" action="#" method="post">
    <%: Html.AntiForgeryToken() %>
</form>

// Encapsulate the Anti Forgery Token fetching
AddAntiForgeryToken = function (data) {
    data.__RequestVerificationToken = $('#__AjaxAntiForgeryForm input[name=__RequestVerificationToken]').val();
    return data;
};

4:

Darin . Uploadify script cookie , AntiForgeryToken. cookie Uploadify scriptData?

+3
1

, cookie , __RequestVerificationToken. cookie Html.AntiforgeryToken(), , . Flash, , cookie. , .

- , , , , , . Html.AntiforgeryToken(), , , cookie. POST , [ValidateAntiForgeryToken], , , cookie, . , , , Html.AntiforgeryToken(), html- , AJAX - .

+1

Source: https://habr.com/ru/post/1776470/