Last post May 16, 2016 03:31 PM by boming0529
Mar 10, 2015 01:58 PM|a.paranoid.android|LINK
I am building an ASP.NET 5 app on a Mac. I am trying to use the tag helpers feature. In my controller, I have the following:
public ActionResult Login(LoginViewModel viewModel, string returnUrl = null)
In my view, I have the following:
<form method="POST" action="~/account/login" asp-anti-forgery="true">
<div class="validation" asp-validation-summary="All" />
<input id="Username" name="Username" />
<input id="Password" name="Password" />
When I click the Login button, I get the following error:
Microsoft.AspNet.Mvc.TokenProvider.ValidateTokens(HttpContext httpContext, ClaimsIdentity identity, AntiForgeryToken sessionToken, AntiForgeryToken fieldToken)
What am I doing wrong?
Mar 11, 2015 05:50 AM|Archer Wang|LINK
From your error messge, I found some similar case for you to refer. Please check the below links.
Hope this could be helpful to you.
Mar 11, 2015 07:48 AM|Afzaal.Ahmad.Zeeshan|LINK
Instead of that, did you try using this following code to render an Anti-Forgery token?
If both of them don't work, then try to check if cookies are enabled in your browser, because cookie is set by this code if cookie isn't available, ValidateAntiForgeryToken code would through the exception, saying there was nothing to validate against. The
above provided code, create a new input field (of hidden type) and adds a token to the element, which is used on the server-side; for securing the applications from a website forgery attack.
If you go to
this blog post, and read it, you will find out that the form field, "__RequestVerificationToken" is the name of the input element created, and the value is a token. Which is required, otherwise you will keep getting this error. Go through these possible
reasons of this problem to fix the problem.
Mar 11, 2015 09:26 AM|a.paranoid.android|LINK
I added @Html.AntiForgeryToken() and it works fine. That means that cookies are enabled in the browser. Its like the tag helpers are not working. Here is my list of dependencies:
What am I doing wrong? I want to keep this as much "ASP.NET 5" as possible as I'm building this app as a learning exercise.
Mar 11, 2015 09:35 AM|a.paranoid.android|LINK
I should have also mentioned,
In Fiddler, I noticed the following:
With @Html.AntiForgeryToken(), the TextView of the request looks like this:
Without @Html.AntiForgeryToken(), the TextView of the request looks like this:
However, the __RequestVerificationToken value is still present in the list of cookies.
Mar 12, 2015 03:38 PM|Afzaal.Ahmad.Zeeshan|LINK
That is because the token is present in the form then. The URL's QueryString that you're to show is an output of GET HTTP request, which serializes the form content and then passes it to the server, whereas POST doesn't show the content in URL.
That code clearly tells, that when you use @Html.AntiForgeryToken(), the token is generated and is stored... if you don't use it, the token is not generated in the form. And that is the exact reason for your error, "Token was not found". I believe that you
need to use @Html.AntiForgeryToken() to generated the token as per now; because sending that token as a form content is also necessary. Storing it inside your browser somewhere won't just validate your request.
Mar 15, 2015 06:26 PM|Mikesdotnetting|LINK
Did you remember to add
to the View or the _ViewStart.cshtml file?
May 16, 2016 03:31 PM|boming0529|LINK
you can turn "asp-anti-forgery" into "asp-antiforgery".
<form method="post" asp-action="TestPage" asp-antiforgery="true"></form>
the source code of FormTagHelper.cs