ASP.NET MVC 5 – Form Post Cross Domain Validation
|
@using( Html.BeginForm() ) { @Html.AntiForgeryToken(); … … … … <input type="Submit" value="Submit" /> } |
|
[HttpPost] [ValidateAntiForgeryToken] public ActionResult Index(… …) { return View(); } |
| Web Form HTML Code from Client Side … |
|
< form action="… …" method="POST" > < input name="__RequestVerificationToken" type="hidden" value="_bqy-L0mG7K4n5hCwcOJ1ANuw0Lm5jydnyS8D6GPQKsRaIxjS74tRT6kqE4QZlXNXIiC7NrOn4lJVvfsbvGwf79U" /> < input type="Submit" value="Submit" /> < /form > |
Remarks :
If the "__RequestVerificationToken" Token is not existed from the Web Form,
the Web Application Controller cannot get the RequestVerificationToken for Validation.
Then the Form Post Submission Error "The required anti-forgery form field "__RequestVerificationToken" is not present." would be thrown …
The Reason is as follow :
i) The Web Form Client is submitted from Untrusted Website.
The Form Post Application Server and Web Form Client is not in the same Domain Name ( CORS ).
Then there is no "__RequestVerificationToken" Element which is Posted the Web Form …
ii) The Developer has not added the AntiForgeryToken HTML Helper Control in the form.
If the "__RequestVerificationToken" Token is not existed from the Web Form,
the Web Application Controller cannot get the RequestVerificationToken for Validation.
Then the Form Post Submission Error "The required anti-forgery form field "__RequestVerificationToken" is not present." would be thrown …
The Reason is as follow :
i) The Web Form Client is submitted from Untrusted Website.
The Form Post Application Server and Web Form Client is not in the same Domain Name ( CORS ).
Then there is no "__RequestVerificationToken" Element which is Posted the Web Form …
ii) The Developer has not added the AntiForgeryToken HTML Helper Control in the form.
馬仔驚自己唔記得要留既notes 