Reputation: 27955
ASP.NET MVC4 application uses cross-site forgery prevention according to MVC4 doc.
In the form there is a hidden variable
...
and cookie
The browser posts the cookie
__RequestVerificationToken
The POST method handler is decorated with
[HttpPost,ValidateAntiForgeryToken]
attributes. The https protocol is used. It worked earlier. After the application was upgraded, submitting the form in some cases produces the exception
System.Web.Mvc.HttpAntiForgeryException
The required anti-forgery cookie "__RequestVerificationToken" is not present.
Description: HTTP 500.Error processing request.
Details: Error processing request.
Exception stack trace:
at System.Web.Helpers.AntiXsrf.TokenValidator.ValidateTokens (System.Web.HttpContextBase httpContext, IIdentity identity, System.Web.Helpers.AntiXsrf.AntiForgeryToken sessionToken, System.Web.Helpers.AntiXsrf.AntiForgeryToken fieldToken) <0x4098fc20 + 0x003af> in <filename unknown>:0
at System.Web.Helpers.AntiXsrf.AntiForgeryWorker.Validate (System.Web.HttpContextBase httpContext) <0x4098e540 + 0x00092> in <filename unknown>:0
at System.Web.Helpers.AntiForgery.Validate () <0x4098e490 + 0x0006f> in <filename unknown>:0
at System.Web.Mvc.ValidateAntiForgeryTokenAttribute.OnAuthorization (System.Web.Mvc.AuthorizationContext filterContext) <0x4098e420 + 0x0002b> in <filename unknown>:0
at System.Web.Mvc.ControllerActionInvoker.InvokeAuthorizationFilters (System.Web.Mvc.ControllerContext controllerContext, IList`1 filters, System.Web.Mvc.ActionDescriptor actionDescriptor) <0x41389eb0 + 0x00097> in <filename unknown>:0
at System.Web.Mvc.Async.AsyncControllerActionInvoker+<>c__DisplayClass25.<BeginInvokeAction>b__1e (System.AsyncCallback asyncCallback, System.Object asyncState) <0x4138957
How to fix this so that the Request Verification Token can be used?
Upvotes: 0
Views: 434
Reputation: 2525
From your description, you are telling the Action method to check the token but your form is not sending it, hence the missing __RequestVerificationToken.
__RequestVerificationToken is generated by calling helper method @Html.AntiForgeryToken()
in form
For example:
@using (Html.BeginForm("Manage", "Account")) {
@Html.AntiForgeryToken()
}
For more info, please see: http://www.asp.net/web-api/overview/security/preventing-cross-site-request-forgery-csrf-attacks
Upvotes: 1