Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
801 views
in Technique[技术] by (71.8m points)

asp.net mvc 5 - Server Cannot Append Header After HTTP headers have been sent Exception at @Html.AntiForgery

I'm developing an asp.net mvc 5 application in which I was trying to redirect to the ReturnUrl by applying the code below :

[HttpPost]
[AllowAnonymous]
public ActionResult Login(UserLogin model, string returnUrl)
{
    if (ModelState.IsValid)
    {
        string EncryptedPassword = GetMD5(model.Password);
        if (DataAccess.DAL.UserIsValid(model.Username, EncryptedPassword))
        {
            FormsAuthentication.SetAuthCookie(model.Username, true);
            if (String.IsNullOrEmpty(returnUrl))
            {
                return RedirectToAction("Index", "Home");
            }
            else
            {
                Response.Redirect(returnUrl);
            }
        }
        else
        {
            ModelState.AddModelError("", "Invalid Username or Password");
        }
    }
    return View();
}

The above code is working fine, But the problem is that when I Post the login form, it gives me an Exception that I've never faced Before and I'm having difficulties resolving the exception that is generating in the view in Login.cshtml, At Line :

@Html.AntiForgeryToken()

And the Exception That it throws:

Server cannot append header after HTTP headers have been sent.

I've researched a lot but I'm unable to get to the conclusion. My application works fine when I remove @Html.AntiForgeryToken() line, But I don't want to do this, I want my application to remain cross-site request protected.

Can Anyone Please Help me out, How do I get rid of this Exception?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

When Response.Redirect(anyUrl) the status code is set to 302, and the header will added to the response :

HTTP 1.0 302 Object Moved 
Location: http://anyurl.com

And when ViewResult is executed and razor render the view the Html.AntiForgeryToken() will called, so the helper tries to add the header X-Frame-Options and some cookies to the response, it is the cause of the exception.

But don't worry you can suppress the addition of X-Frame-Options header, just put this AntiForgeryConfig.SuppressXFrameOptionsHeader = true; in the Application_start.

But I suggest you to change this:

Response.Redirect(returnUrl);

to

return Redirect(returnUrl);

Note

Since .NET code was opened you can see how the AntiForgeryToken works, see here AntiForgeryWorker.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...