Reputation: 63
I have an MVC 3 view with the following code:-
@using (Html.BeginForm(MVC.Order.SearchResults(), FormMethod.Get))
{
    @Html.AntiForgeryToken()
    @Html.Button("btnSearch", "Search", HtmlButtonType.Submit, null, new { @class = "button primary icon search", alt = "Search the orders (up to 50 characters)" })
}
When I post the form I see the __RequestVerificationToken= and the contents of the verification token within the querystring.
Any ideas why this may be the case and how to sort it?
Upvotes: 1
Views: 1367
Reputation: 593
There is a workaround for passing the anti-forgery value through the GET method or even in headers. More details here.
Upvotes: 0
Reputation: 1039508
Anti-forgery tokens work only with POST requests. If you want to use them, you need to change the verb used by the form to POST instead of GET:
@using (Html.BeginForm(MVC.Order.SearchResults(), FormMethod.Post))
{
    @Html.AntiForgeryToken()
    @Html.Button("btnSearch", "Search", HtmlButtonType.Submit, null, new { @class = "button primary icon search", alt = "Search the orders (up to 50 characters)" })
}
Upvotes: 4
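A check for the symptom described in the question, as an added example that is not part of the original posts: it scans access-log lines for requests that carry `__RequestVerificationToken` in the query string, which points at forms that render the token with `FormMethod.Get`. The combined log format, the sample lines and the `/Order/SearchResults` path are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode

TOKEN_FIELD = "__RequestVerificationToken"  # field name shown in the question

# Request part of a combined-log-format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample log lines (not from the original page).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2012:13:55:36 +0000] "GET /Order/SearchResults'
    '?__RequestVerificationToken=abc123%2Bdef&q=widgets HTTP/1.1" 200 5120',
    '203.0.113.5 - - [10/Oct/2012:13:56:01 +0000] '
    '"POST /Order/SearchResults HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Oct/2012:13:57:12 +0000] '
    '"GET /Order/Index?page=2 HTTP/1.1" 200 2048',
    'malformed line without a request',
]


def find_token_in_query(lines):
    """Return (method, path, redacted_query) for requests whose URL carries the token."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue  # skip lines that do not contain a parseable request
        parts = urlsplit(m.group("target"))
        params = parse_qsl(parts.query, keep_blank_values=True)
        if not any(name == TOKEN_FIELD for name, _ in params):
            continue
        # Redact the token value so the report does not copy it a second time.
        redacted = [(n, "REDACTED" if n == TOKEN_FIELD else v) for n, v in params]
        hits.append((m.group("method"), parts.path, urlencode(redacted)))
    return hits


if __name__ == "__main__":
    for method, path, query in find_token_in_query(SAMPLE_LOG):
        print(f"{method} {path}?{query}")
```

Each path it reports is a form to switch to POST as the answer above describes.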