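MVC - Anti-Forgery Token Error
I have been brought onto my first MVC and C# project, so I would really appreciate any guidance.
I created a new feature that checks at login whether the user has taken security training. If the user has not taken the security training, the user is directed to the training page, where they simply agree/disagree with the rules. If the user agrees, the login completes. If the user disagrees, he/she is logged out.
My problem is that when I select the agree/disagree button in the training view, I get the following:
It should route me to the home page or log the user out.
Controller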
    public ActionResult UserSecurityTraining(int ID, string returnUrl)
    {
        // check if user already has taken training (e.g., is UserInfoID in UserSecurityTrainings table)
        var accountUser = db.UserSecurityTraining.Where(x => x.UserInfoID == ID).Count();
        // If user ID is not in UserSecurityTraining table...
        if (accountUser == 0)
        {
            // prompt security training for user
            return View("UserSecurityTraining");
        }
        // If user in UserSecurityTraining table...
        if (accountUser > 0)
        {
            return RedirectToLocal(returnUrl);
        }
        return View();
    }

    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public async Task<ActionResult> UserSecurityTrainingConfirm(FormCollection form, UserSecurityTraining model)
    {
        if (ModelState.IsValid)
        {
            if (form["accept"] != null)
            {
                try
                {
                    // if success button selected
                    //UserSecurityTraining user = db.UserSecurityTraining.Find(); //Create model object
                    //var user = new UserSecurityTraining { ID = 1, UserInfoID = 1, CreatedDt = 1 };
                    logger.Info("User has successfully completed training" + model.UserInfoID);
                    model.CreatedDt = DateTime.Now;
                    db.SaveChanges();
                    //return RedirectToAction("ChangePassword", "Manage");
                }
                catch (Exception e)
                {
                    throw e;
                }
                return View("SecurityTrainingSuccess");
            }
            if (form["reject"] != null)
            {
                return RedirectToAction("Logoff", "Account");
            }
        }
        return View("UserSecurityTraining");
    }
View
    @model ECHO.Models.UserSecurityTraining
    @{
        ViewBag.Title = "Security Training";
        Layout = "~/Views/Shared/_LayoutNoSidebar.cshtml";
    }
    <!--<script src="~/Scripts/RequestAccess.js"></script>-->
    <div class="container body-content">
        <h2>@ViewBag.Title</h2>
        <div class="row">
            <div class="col-md-8">
                @using (Html.BeginForm("UserSecurityTrainingConfirm", "Account", FormMethod.Post, new { role = "form" }))
                {
                    <fieldset>
                        @Html.AntiForgeryToken()
                        Please view the following security training slides:<br><br>
                        [INSERT LINK TO SLIDES]<br><br>
                        Do you attest that you viewed, understood, and promise to follow the guidelines outlined in the security training?<br><br>
                        <input type="submit" id="accept" class="btn btn-default" value="Accept" />
                        <input type="submit" id="reject" class="btn btn-default" value="Reject" />
                    </fieldset>
                }
            </div><!--end col-md-8-->
        </div><!--end row-->
    </div><!-- end container -->
    @section Scripts {
        @Scripts.Render("~/bundles/jqueryval")
    }
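Unless you are returning an invalid model, you should only return 'RedirectToAction' from an HTTP POST controller action method. For example, to maintain the proper PRG (Post, Redirect, Get) pattern, this line 'return View("SecurityTrainingSuccess");' should be this line 'return RedirectToAction("SecurityTrainingSuccess");'. MVC relies heavily on you following PRG correctly, or things get really funky. – Tommy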
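The PRG flow described in the comment above, written out as an added example (not code from the original post or from the commenter). It assumes the two submit buttons carry name="accept" and name="reject" so that form["accept"] and form["reject"] are populated, and it introduces a hypothetical GET action SecurityTrainingSuccess and a hypothetical TempData key "TrainingAccepted"; saving the training record is left out.

```csharp
using System.Web.Mvc;

public class AccountController : Controller
{
    // POST: the anti-forgery token is validated before the body runs.
    // Every handled outcome ends in a redirect, so refreshing the
    // resulting page never re-submits the form.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult UserSecurityTrainingConfirm(FormCollection form)
    {
        // Assumption: the view renders
        //   <input type="submit" name="accept" value="Accept" />
        //   <input type="submit" name="reject" value="Reject" />
        // Only the clicked button is posted, and only if it has a name.
        if (form["accept"] != null)
        {
            // TempData survives exactly one redirect; it tells the GET
            // action that it was reached through a successful POST.
            TempData["TrainingAccepted"] = true; // hypothetical key
            return RedirectToAction("SecurityTrainingSuccess");
        }

        if (form["reject"] != null)
        {
            return RedirectToAction("Logoff", "Account");
        }

        // Neither button value arrived: the only case where a POST
        // action returns a view directly (redisplay the form).
        return View("UserSecurityTraining");
    }

    // GET: hypothetical target of the redirect above.
    [HttpGet]
    public ActionResult SecurityTrainingSuccess()
    {
        // Reached without a preceding accepted POST: send the user
        // back to the training form instead of showing the success page.
        if (TempData["TrainingAccepted"] == null)
        {
            return RedirectToAction("UserSecurityTraining");
        }
        return View("SecurityTrainingSuccess");
    }
}
```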