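/// <summary>
/// Authorization filter that enforces anti-forgery (CSRF) token validation on POST
/// requests and lets Ajax callers send the request token in an HTTP header.
/// </summary>
/// <remarks>
/// <para>
/// Ajax POSTs are validated with the anti-forgery cookie plus the
/// <c>__RequestVerificationToken</c> request header. Every other POST is handed to
/// <see cref="ValidateAntiForgeryTokenAttribute"/>.
/// </para>
/// <para>
/// Requests whose method is not POST pass through without any token check, so
/// state-changing actions reachable via other verbs are not covered by this filter.
/// </para>
/// <para>
/// This override does not call <c>base.OnAuthorization</c>; it performs token
/// validation only and adds no authentication or role check of its own.
/// </para>
/// </remarks>
public class AjaxValidateAntiForgeryTokenAttribute : AuthorizeAttribute
{
    /// <summary>
    /// Validates the anti-forgery token of the current request when it is a POST.
    /// </summary>
    /// <param name="filterContext">Context of the request being authorized.</param>
    /// <exception cref="System.ArgumentNullException">
    /// <paramref name="filterContext"/> is <c>null</c>.
    /// </exception>
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        if (filterContext == null)
        {
            throw new System.ArgumentNullException("filterContext");
        }

        var request = filterContext.HttpContext.Request;

        // Compare the verb case-insensitively. MVC's [HttpPost] selection is understood to
        // ignore case, so an exact-case comparison here could let a request reach a POST
        // action without the token check.
        var isPost = string.Equals(
            request.HttpMethod,
            WebRequestMethods.Http.Post,
            System.StringComparison.OrdinalIgnoreCase);
        if (!isPost)
        {
            return;
        }

        // IsAjaxRequest() is driven by a client-supplied header, so it only selects where
        // the request token is read from. Both branches below still validate a token.
        if (!request.IsAjaxRequest())
        {
            new ValidateAntiForgeryTokenAttribute().OnAuthorization(filterContext);
            return;
        }

        var antiForgeryCookie = request.Cookies[AntiForgeryConfig.CookieName];
        var cookieValue = antiForgeryCookie != null ? antiForgeryCookie.Value : null;

        // Validate the anti-forgery token using the cookie value and the request header.
        // A failed validation throws from AntiForgery.Validate and is not caught here, so
        // the request is rejected. If a try-catch is added, it must still reject the
        // request (for example by setting filterContext.Result) instead of continuing.
        AntiForgery.Validate(cookieValue, request.Headers["__RequestVerificationToken"]);
    }
}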
然后每个action加 [AjaxValidateAntiForgeryToken]
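/// <summary>
/// Marks the application identified by the posted <c>apid</c> field as submitted by
/// updating its <c>SubmitSchool</c> and <c>S_Id</c> columns.
/// </summary>
/// <param name="fc">Posted form values; <c>apid</c> must hold an integer record id.</param>
/// <returns>
/// JSON <c>{ status = "1" }</c> after the update, or HTTP 400 when <c>apid</c> is
/// missing or not an integer.
/// </returns>
[HttpPost]
[AjaxValidateAntiForgeryToken]
public ActionResult CheckSend(FormCollection fc)
{
    // apid is client-controlled: reject a missing or malformed value with a 400 instead
    // of letting int.Parse throw and surface as an unhandled server error.
    int applyId;
    if (!int.TryParse(fc["apid"], out applyId))
    {
        return new HttpStatusCodeResult(400, "Invalid apid");
    }

    // NOTE(review): the record id comes straight from the request and no ownership or
    // role check is visible in this action. Confirm that the controller or the service
    // restricts which records the current user may update.
    ApplyList apply = new ApplyList();
    apply.SubmitSchool = 1;
    apply.S_Id = 1;
    apply.Id = applyId;

    // Only these columns are passed to the service as the fields to update.
    List<string> lsfield = new List<string> { "SubmitSchool", "S_Id" };

    _applyListService.UpdateApplyStatus(apply, lsfield);
    return Json(new { status = "1" });
}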