I'm trying to protect my upload controller using MVC ValidateAntiForgeryToken
But I am struggling. Out include how to post to work __ RequestVerificationToken
I act like this:
[HttpPost, ValidateAntiForgeryToken] public ActionResult FileUpload (using hTTP Postedfailbes qqfile)
there are no open hooks seeing uploader that I could find me the cue codes to be used in creating this form out Will allow. / P>
Is anyone else managed to do this work?
Request
Http: // localhost: 54,275 / UserProfile / FileUpload qqfile = 266758_10150696082935268_8163320_o.jpg Host: Local Host: 54,275 User-agent:? Mozilla / 5.0 (Windows NT 6.1; WV64; rv: 27.0) Gicco / 20100101 Agio X / 27.0 Approved: Text / html, App / XHTML + XML, API / XML; Q = 0.9, * / *; Q = 0.8 Accept-Language: N-GB, N; Q = 0.5 Approved-Encoding: Jijip, Diflet DNT: 1 x requested with: XMLHttpRequest X-file-name: 266758_10150696082935268_8163320_o.jpg Content-Type: application / octet-stream X-mime-type: image / jpeg Referer: http: // Localhost: 54,275 / UserProfile / Edit Content-Length: 625352 Cookie: __test = 1; RememberMe = -1167340540 ^ 1 # -5833880764017141030; __rekvestverifikeshntokeँ = Beibltiso_l_i6bJnSYmituqQfq9y2ge63T85wl5pAhbPldPZqY8DhLTubmtmd9OLtAuJcHdmfaFHSbnlL7oAYAtxDJWdMOOzNrddhUl; DotNetOpenAuth.WebServerClient.XSRF-Session = O-L5-Hv0flYqKL27j0TGhA; Kaspaksauth = 52C5EDFB92A09FA0395676E23BE1EBBBF03D3E88EF7C81761B76C1C8EF67936C0D9FBFD730ED77B0246C49757828A7C17D0DD7644A1C50988ECFF4C3DEDF15783E5FD7C4BA97E484F9FD6460EB6A5310E27453B461E320D10E74A5F8AEE1C0A5B1367D0DB4060958B48DACB12E80AA23; TCSESSIONID = D9016B850A1BCFD6921E274467F52CEE Connection: keep-alive-Pragma: no cache Cache-Control: no-cache Fiddler-Encoding: base 64
text after
AntiForgeryToken An example of a FineUpload with validation If your form does not contain values of any other form, then AntiforGeri Some with ID (example below is to include a form with Testform).
@using (Html.BeginForm (MVCHelpers.Bank.Transactions.UploadFile (), FormMethod.Post, new {id = "testForm"})) {@ Html.AntiForgeryToken ()} < / Code>
and specify the form in the FineUploader which must also be sent to:
& lt; Div id = "fileupploadcontainer" & gt; & Lt; / Div & gt; & Lt; Script & gt; Var Uploader = New qq.FineUploader ({element: document.getElementById ("fileUploadContainer"), ... form: {element: "testForm", autoUpload: true}}); & Lt; / Script & gt;
This allows you to upload files in combination with [ValidateAntiForgeryToken] on your action. You can specify an actual form if the upload is part of the other form value, by specifying the ID of that form. Note AutoUpload, because this is incorrect by default when you set a form element.
Comments
Post a Comment