Gerard
Reputation: 2709
How to pass through the AntiForgeryToken in MVC
How to pass through the AntiForgeryToken to another action? The following does of course not work:
[ValidateAntiForgeryToken]
public ActionResult CheckSelection(string[] SelectedIds, int SessionId)
{
...
if (SomeCondition)
{
return RedirectToAction("Finish", "Session", new { SessionId = SessionId,
__RequestVerificationToken = Request.Params["__RequestVerificationToken"] });
}
....
}
Thanks for any help!
Upvotes: 1
Views: 2377
Answers (1)
Roy Dictus
Reputation: 33139
That is not possible. The anti-forgery token is based on both an Http Cookie and a hidden value in your Form; when doing an Action Redirect, that form value is lost and therefore the anti-forgery token cannot be validated.
You will need to come up with a design that does not need action redirect...
Upvotes: 4
Related Questions
- How to make the AntiforgeryToken As Secure in ASP.net MVC
- How to pass an AntiForgeryToken from one controller action to another?
- AntiForgeryToken Error in ASP.NET MVC 5 app
- MVC AntiForgeryToken exception - Handle globally
- AntiForgeryToken re-use
- Dealing with missing/invalid AntiForgeryTokens in ASP.NET MVC
- how AntiForgeryToken() works in MVC and how to retrieve value at server action method from AntiForgeryToken?
- How to invalidate AntiForgeryToken Asp.Net MVC 3
- MVC3 AntiForgeryToken Issue
- ASP.NET MVC AntiForgeryToken throwing its exception on GET?