Last post Dec 31, 2015 04:17 AM by Candice Zhou
Dec 30, 2015 09:27 PM|john1506|LINK
I used the CreateUserWizard to create a sign up form for a new user. A user record is created in the db. However when clicking the 'continue' button the above error occurs. I have read the posts on this subject and tried changing the ViewStateMode, but
that does not work.
Any help would be appreciated.
I am using vwd express 2012.
Validation of Anti-XSRF token failed.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.InvalidOperationException: Validation of Anti-XSRF token failed.
Line 39: If (Not DirectCast(ViewState(AntiXsrfTokenKey), String) = _antiXsrfTokenValue _
Line 40: Or Not DirectCast(ViewState(AntiXsrfUserNameKey), String) = If(Context.User.Identity.Name, String.Empty)) Then
Line 41: Throw New InvalidOperationException("Validation of Anti-XSRF token failed.")
Line 42: End If
Line 43: End If
Source File: C:\Users\John\Dropbox\PBCert\Site.master.vb Line: 41
[InvalidOperationException: Validation of Anti-XSRF token failed.]
SiteMaster.master_Page_PreLoad(Object sender, EventArgs e) in C:\Users\John\Dropbox\PBCert\Site.master.vb:41
System.Web.UI.Page.OnPreLoad(EventArgs e) +121
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +605
<asp:Content ID="Content3" ContentPlaceHolderID="MainContent" Runat="Server">
<asp:CreateUserWizard ID="CreateUserWizard1" runat="server" ContinueDestinationPageUrl="~/PayPal.aspx" MembershipProvider="SqlProvider">
Dec 31, 2015 04:17 AM|Candice Zhou|LINK
The current username is embedded in __VIEWSTATE when the Page is rendered to the browser. When a postback occurs, the anti-XSRF logic checks that the current username matches what is embedded in the submitted __VIEWSTATE. So it is expected that changing
the logged-in user in the middle of a workflow (with postbacks) will result in errors. This error should not occur if the user is simply navigating around the site.
If you check the server logs, you'll see that the users were indeed performing postbacks to the pages where failures occurred. The XSRF logic is already conditioned on an "if (IsPostBack)" check. You can verify this for yourself by looking at the Site.master