Reputation: 3305
MVC AntiForgeryToken exception - Handle globally
In my MVC project, there are multiple actions where security between requests and responses is increased with the [ValidateAntiForgeryToken] attribute. This works fine. Problems arise when a user keeps the page open for several minutes (I assume 20, (Session State timeout?)) and then sends a request to the server. This causes an error, because the token sent back no longer matches the token on the server.
Reading this question, it can be solved by adding a HandleError attribute on each specific action that uses [ValidateAntiForgeryToken].
Is there a way to set this globally for the entire website? I'd hate setting it on every action separately.
Upvotes: 2
Views: 2462
Answers (1)
Reputation: 1244
You can regsiter an ActionFilter globally in global.asax on Application_Start() event.
protected void Application_Start()
{
// Register global filter
GlobalFilters.Filters.Add(new HandleErrorAttribute());
RegisterGlobalFilters(GlobalFilters.Filters);
RegisterRoutes(RouteTable.Routes);
}
Upvotes: 2
Related Questions
- A way of properly handling HttpAntiForgeryException in MVC 4 application
- Broken AntiforgeryToken with Microsoft MSAL
- AntiForgeryToken Error in ASP.NET MVC 5 app
- ASP.NET MVC5 Basic HTTP authentication and AntiForgeryToken exception
- Dealing with missing/invalid AntiForgeryTokens in ASP.NET MVC
- How to pass through the AntiForgeryToken in MVC
- AntiForgeryToken deprecated in ASP.Net MVC 4 RC
- MVC3 AntiForgeryToken Issue
- How can I intercept and handle an AntiForgeryToken exception?
- ASP.NET MVC AntiForgeryToken throwing its exception on GET?