Chris

Reputation: 3129

Antiforgery token issue resolved but weird after effect on project

I have 2 web application projects, both housed in TFS source control. The first project causes no issue with AntiForgery token.

This was the error

An exception of type 'System.InvalidOperationException' occurred in System.Web.WebPages.dll but was not handled in user code

Additional information: A claim of type 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier' or 'http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider' was not present on the provided ClaimsIdentity. To enable anti-forgery token support with claims-based authentication, please verify that the configured claims provider is providing both of these claims on the ClaimsIdentity instances it generates. If the configured claims provider instead uses a different claim type as a unique identifier, it can be configured by setting the static property AntiForgeryConfig.UniqueClaimTypeIdentifier.

and the found solution was to add

AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimsIdentity.DefaultNameClaimType;

to the Global.asax.cs file of the project that kept throwing that error, so I did and it fixed the issue.

However... now this is where the weird part comes in... When I run the "fixed" application I am logged in as the user from my other web application.

So I decided to run the other application and noticed I was still logged in, so I logged out and stopped debugging. Then went into the "fixed" project and commented out the

AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimsIdentity.DefaultNameClaimType;

and the project ran properly.

So apparently if I don't log out from the other application then this error gets thrown.

I have no idea what this is all about or even why this is happening, any ideas?

Upvotes: 2

Views: 1647

Answers (1)

DavidG

Reputation: 118987

You're getting the errors because the cookie is stored against localhost, which means any app you run will try to use it. To fix this you need to make the name of the cookie that your app uses distinct. This is done with the CookieName property. In the App_Start folder, edit the Startup.Auth.cs file (it may be named differently if you have a different template) and add in a line to set the cookie name:

app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
    LoginPath = new PathString("/Account/Login"),
    //snip
    CookieName = "NameOfYourAppForExample"
});

Upvotes: 1
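The cookie scoping the answer describes, as an added example that is not part of the original answer: Python's standard cookie jar stands in for the browser and shows that a cookie set by one localhost port is sent to another, and that distinct names let each app pick out its own ticket. The ports, ticket values and the names `AppA.Auth` and `AppB.Auth` are constructed for illustration; `.AspNet.ApplicationCookie` is the OWIN default name for the `ApplicationCookie` authentication type.

```python
import email
from http.cookiejar import CookieJar
from urllib.request import Request

# Constructed sample values: ports, cookie names and tickets are
# illustrative and not taken from the question.
APP_A = "http://localhost:5001/"
APP_B = "http://localhost:5002/"
DEFAULT_NAME = ".AspNet.ApplicationCookie"  # OWIN default cookie name


class FakeResponse:
    """Minimal response object exposing the info() method CookieJar reads."""

    def __init__(self, set_cookie):
        self._msg = email.message_from_string(f"Set-Cookie: {set_cookie}\n\n")

    def info(self):
        return self._msg


def login(jar, app_url, cookie_name, ticket):
    """Simulate the app at app_url issuing its auth cookie after sign-in."""
    response = FakeResponse(f"{cookie_name}={ticket}; path=/; HttpOnly")
    jar.extract_cookies(response, Request(app_url))


def cookies_sent_to(jar, app_url):
    """Return {name: value} for the cookies the client would send to app_url."""
    request = Request(app_url)
    jar.add_cookie_header(request)
    header = request.get_header("Cookie") or ""
    return dict(p.split("=", 1) for p in header.split("; ") if p)


def shared_name_scenario():
    """Both apps keep the default name: app B receives app A's ticket."""
    jar = CookieJar()
    login(jar, APP_A, DEFAULT_NAME, "ticket-from-app-a")
    return cookies_sent_to(jar, APP_B)


def distinct_name_scenario():
    """Each app sets its own CookieName: app B can tell its ticket apart."""
    jar = CookieJar()
    login(jar, APP_A, "AppA.Auth", "ticket-from-app-a")
    login(jar, APP_B, "AppB.Auth", "ticket-from-app-b")
    return cookies_sent_to(jar, APP_B)
```

With distinct names the other app's cookie is still sent to every localhost port; the app simply ignores it because it only reads the cookie matching its own `CookieName`.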
