开发者

AntiForgeryToken for LogOff in ASP.NET MVC 3

问答 作者:

I have the following antiforgerytoken defined on my login page like this:

<%=Html.AntiForgeryToken(Constants.AntiForgerySalt)%>

My login method looks like this:

    [ValidateAntiForgeryToken(Salt = Constants.AntiForgerySalt)]
    public ActionResult Log开发者_JAVA百科In(string userName, string password, string attemptsKey)
    {
        .....
    }

All works good, apart from the way I handle logging out.

For logging out, I have an actionlink defined like this:

<%=Html.ActionLink("Logout", "LogOut", "LogIn")%>

This obviously means that there is no form being posted to the server.

The logout action specified in the ActionLink executes but when it redirects to the login page which has the AntiForgeryToken specified, I get the following error message:

A required anti-forgery token was not supplied or was invalid.

I am surprised by this as I thought it only applied to scenarios where data was being posted.

If I am redirecting to a page that only has the AntiForgeryToken being rendered then why is this error message happening?

Your easiest solution is to decorate Login(..) with [HttpPost], and create a Login(..) action decorated with [HttpGet] which serves the Login page. This will prevent the action link from triggering this action.

继续阅读:asp.netasp.net-mvc

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9