I'm rolling my own ValidateAntiForgeryToken
attribute for Web API 2.2 for one of my controllers that processes form data through AJAX calls.
我正在为我的一个通过AJAX调用处理表单数据的控制器滚动我自己的Web API 2.2的ValidateAntiForgeryToken属性。
I'm sending the data to my controller as JSON and it looks like this (pulled from Fiddler):
我将数据作为JSON发送到我的控制器,它看起来像这样(从Fiddler拉出):
{"__RequestVerificationToken":"E8EoBCaFbqSOXhQZiuM93jciTcOAYeLjZj682-3SZRaQ6OOtrm-caZI_IWnX1FH_nwe_AuWnWwxy5ulS0Ynz0STlNptqN09Lu69HxyTeA9PUln8h73yjahB24QPxqI010","ProjectInfo.Description":"Test Description 2"}
I was trying to get the __RequestVerificationToken
data like this, but it's not working:
我试图获取这样的__RequestVerificationToken数据,但它不起作用:
JToken json = (JToken)actionContext.ActionArguments["json"];
formToken = (string)json["__RequestVerificationToken"];
formToken
keeps containing null values so through some debugging I've found that the entire JSON value is being considered a Key, with an empty value as seen in the screenshot below:
formToken保持包含空值,因此通过一些调试我发现整个JSON值被认为是一个Key,其值为空值,如下面的屏幕截图所示:
I'm not sure why this is happening, since the JSON appears to be valid. Fiddler is able to parse the JSON without issues in it's built in Json Viewer, but JSON.NET appears to be sticking the entire json string as the Key instead of parsing it. I know that I could hack it and manually parse out the value I need from the key, but that's dirty as I rather this be done properly.
我不确定为什么会发生这种情况,因为JSON似乎是有效的。 Fiddler能够解析JSON而没有内置Json Viewer的问题,但是JSON.NET似乎将整个json字符串作为Key而不是解析它。我知道我可以破解它并手动从密钥中解析出我需要的值,但这很脏,因为我宁愿这样做。
Is there something wrong with my JSON or method that I'm using to obtain it, or is there a bug in the json.net library/asp.net causing this behavior? Any idea why this might be happening?
我用JSON或方法获取它有什么问题,或者json.net库/ asp.net中是否存在导致此行为的错误?知道为什么会这样吗?
EDIT:
It's possible that somehow the data is being serialized twice, but I'm not sure why/how. From my debugger here's the stringified value of json
:
有可能以某种方式将数据序列化两次,但我不确定为什么/如何。从我的调试器这里是json的字符串化值:
Root = {
"{\"__RequestVerificationToken\":\"yqob-3bUW8C8sUrHWu_feRFOz2KPUKqugo1QoN2s8v9UhlMTwSonxoEdnh85TdM56Xj-aixZdgSQXs8D6ureAQTU83wVtvsoLBd2tDl0ZPyq_2sFefObQx0VHOExQjgh0\",\"ProjectInfo.Description\":\"Test Description\"}": ""
}
Here's the code that generates the JSON on the client side. It's a jQuery extension:
这是在客户端生成JSON的代码。这是一个jQuery扩展:
$.fn.serializeObject = function () {
var o = {};
var a = this.serializeArray();
$.each(a, function () {
if (o[this.name] !== undefined) {
if (!o[this.name].push) {
o[this.name] = [o[this.name]];
}
o[this.name].push(this.value || '');
}
else {
o[this.name] = this.value || '';
}
});
return o;
};
This is then called as such in the submit method:
然后在submit方法中调用它:
$('#description-editable form').submit(function (e) {
e.preventDefault();
var data = JSON.stringify($(this).serializeObject());
//ajax method for PUT here...
});
1 个解决方案
#1
It depends on what your AJAX options are, but it looks like your object is being stringified twice before it gets sent up. You should be able to remove the stringify
call:
这取决于你的AJAX选项是什么,但看起来你的对象在被发送之前被字符串化了两次。你应该能够删除stringify调用:
$('#description-editable form').submit(function (e) {
e.preventDefault();
var data = $(this).serializeObject();
//ajax method for PUT here...
});
#1
It depends on what your AJAX options are, but it looks like your object is being stringified twice before it gets sent up. You should be able to remove the stringify
call:
这取决于你的AJAX选项是什么,但看起来你的对象在被发送之前被字符串化了两次。你应该能够删除stringify调用:
$('#description-editable form').submit(function (e) {
e.preventDefault();
var data = $(this).serializeObject();
//ajax method for PUT here...
});