https://stackoverflow.com/a/24394578/3782855

You don't need the ValidationHttpRequestWrapper solution since MVC 4. According to this link.

  1. Put the token in the headers.
  2. Create a filter.
  3. Put the attribute on your method.

Here is my solution:

var token = $('input[name="__RequestVerificationToken"]').val();

var headers = {};

headers['__RequestVerificationToken'] = token;

$.ajax({

    type: 'POST',

    url: '/MyTestMethod',

    contentType: 'application/json; charset=utf-8',

    headers: headers,

    data: JSON.stringify({

        Test: 'test'

    }),

    dataType: "json",

    success: function () {},

    error: function (xhr) {}

});
[AttributeUsage(AttributeTargets.Method | AttributeTargets.Class, AllowMultiple = false, Inherited = true)]

public class ValidateJsonAntiForgeryTokenAttribute : FilterAttribute, IAuthorizationFilter

{

    public void OnAuthorization(AuthorizationContext filterContext)

    {

        if (filterContext == null)

        {

            throw new ArgumentNullException("filterContext");

        }

        var httpContext = filterContext.HttpContext;

        var cookie = httpContext.Request.Cookies[AntiForgeryConfig.CookieName];

        AntiForgery.Validate(cookie != null ? cookie.Value : null, httpContext.Request.Headers["__RequestVerificationToken"]);

    }

}

[HttpPost]

[AllowAnonymous]

[ValidateJsonAntiForgeryToken]

public async Task<JsonResult> MyTestMethod(string Test)

{

    return Json(true);

}

Updated Anti-XSRF Validation for ASP.NET MVC 4 RC

Preventing CSRF With Ajax

You can try to apply the ValidateAntiForgeryTokenAttribute attribute to an action method, but it will fail every time if you try to post JSON encoded data to the action method. On one hand, the most secure action possible is one that rejects every request. On the other hand, that’s a lousy user experience.

The problem lies in the fact that the under the hood, deep within the call stack, the attribute peeks into the Request.Form collection to grab the anti-forgery token. But when you post JSON encoded data, there is no form collection to speak of. We hope to fix this at some point and with a more flexible set of anti-forgery helpers. But for the moment, we’re stuck with this.

Preventing CSRF With Ajax的更多相关文章

  1. Preventing CSRF in Java web apps---reference

    reference from:http://ricardozuasti.com/2012/preventing-csrf-in-java-web-apps/ Cross-site request fo ...

  2. Bypass Preventing CSRF

    CSRF在过去的n年(n>2)一直都火,在bh/defcon/owasp等会议上多次探讨CSRF的攻防[具体你可以看看以往的那些pp].前 段时间PLAYHACK.net上发表了一个总结性的pp ...

  3. CSRF之Ajax请求

    A:Ajax提交数据是,携带的CSRF在data中: <form method="POST" action="/csrf.html"> {% csr ...

  4. asp.net MVC中防止跨站请求攻击(CSRF)的ajax用法

    参考: Preventing Cross-Site Request Forgery (CSRF) AttacksValidating .NET MVC 4 anti forgery tokens in ...

  5. Django与CSRF 、AJAX

    CSRF(Cross-site request forgery)跨站请求伪造,是一种常见的网络攻击手段,具体内容和含义请大家自行百度. Django为我们提供了防范CSRF攻击的机制. 一.基本使用 ...

  6. 六十六:CSRF攻击与防御之CSRF防御之ajax防御和ajax封装

    app里面还是要绑定CSRFProtect from flask_wtf import CSRFProtect # flask_wtf 已经提供CSRF的防御手段CSRFProtect(app) # ...

  7. 第六章:Django 综合篇 - 17:CSRF与AJAX

    CSRF(Cross-site request forgery)跨站请求伪造,是一种常见的网络攻击手段,具体内容和含义请大家自行百度. Django为我们提供了防范CSRF攻击的机制. 一.基本使用 ...

  8. 保护ASP.NET 应用免受 CSRF 攻击

    CSRF是什么? CSRF(Cross-site request forgery),中文名称:跨站请求伪造,也被称为:one click attack/session riding,缩写为:CSRF/ ...

  9. 漏洞科普:对于XSS和CSRF你究竟了解多少

    转自:http://www.freebuf.com/articles/web/39234.html 随着Web2.0.社交网络.微博等等一系列新型的互联网产品的诞生,基于Web环境的互联网应用越来越广 ...

随机推荐

  1. python代码工具小结

    目录: 1.with读.写文件 (1)with读文件 (2)with写文件 2.requests爬虫 (1)get请求 (2)post请求 1.with读.写文件 (1)with读文件 (2)with ...

  2. c# System.Array

  3. 系统调用IO和标准IO

    目录 1. 系统调用IO(无缓冲IO) 系统调用 常用系统调用IO函数 open close read write lseek ioctl 2. 标准IO(带缓冲IO) 概述 缓冲与冲洗 常用标准IO ...

  4. 【Flask】 python学习第一章 - 创建与运行参数

    windos 创建环境 sudo pip install virtualenv   # 安装virtualenv virtualenv -p python dir_name cd dir_name p ...

  5. UVA816 Abbott's Revenge (三元组BFS)

    题目描述: 输入输出: 输入样例: SAMPLE 3 1 N 3 3 1 1 WL NR * 1 2 WLF NR ER * 1 3 NL ER * 2 1 SL WR NF * 2 2 SL WF ...

  6. wamp——添加多版本PHP

    前言 从下载到部署,手把手教学~ wamp 版本 | 3.0.4 32位 步骤 下载PHP 进入网站https://windows.php.net/download然后选择想要的版本下载 注意点: . ...

  7. Dubbo官方文档

    官方文档:http://dubbo.apache.org/en-us/docs/user/quick-start.html

  8. Mac上搭建Python集成环境

    Jenkins安装 第一种方式下载安装包 官网 https://jenkins.io/download/ 下载安装包 第二种通过homebrew安装,前提需要安装jdk(推荐) brew instal ...

  9. LightOJ - 1282 - Leading and Trailing(数学技巧,快速幂取余)

    链接: https://vjudge.net/problem/LightOJ-1282 题意: You are given two integers: n and k, your task is to ...

  10. Codeforces Round #604 (Div. 2) A,B,C【D题待补】

    思路:直接暴力判断就OK了 #include<bits/stdc++.h> using namespace std; #define int long long signed main() ...