The required anti-forgery cookie
"_RequestVerificationToken..." is not present
I am getting this error on one specific machine. On that machine user gets it in two different browsers. rebooting, restarting browser, cleaning cookies, and restarting IIS App pool didn't solve the issue.
On different machines this web app works fine.
conttroller:
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult Edit(MyModel thisObject)
{
}
page:
<body>
#using (Html.BeginForm())
{
#Html.AntiForgeryToken()
....
<input type="submit" value="Save" class="btn btn-primary" />
}
Any idea what's going on here?
When adding the AntiForgeryToken reference in the form, it generates a hidden input marked name=__RequestVerificationToken. Get the value of that input and add that to your call as a parameter.
Check the answer to this post for details include antiforgerytoken in ajax post ASP.NET MVC
Related
I need my app to allow POST requests from anywhere without throwing a 400 Bad Request error. I am using <form action='/anotherurl' method='post'> and need to be able use the parameters passed through POST on another page in my application. Note: I cannot use GET because I do not want the parameters visible in the URL.
I have tried adding #attribute [IgnoreAntiforgeryToken] to the page but that did not work. Is there a way to force Blazor to allow for the POST request to go through?
Edit: Here is the entire form
<form action="/ClientReports" method="post" target="_blank">
#foreach (var id in SelectedClientIds)
{
<input type="hidden" id="Params" name="Params" value="#id">
}
<input type="submit" value="Client Reports">
</form>
The parameters are added to hidden inputs and then submitted like a normal HTML form but when the navigation occurs the result is a 400 error. The same code with a GET request does work.
Adding #attribute [IgnoreAntiforgeryToken] to the _Host.cshtml file will allow HTML forms to POST to a Blazor Server app.
Note: Since Blazor is a SPA this will turn off Anti-forgery globally, more code is required to turn it off for individual pages.
I get this error in my login form:
The required anti-forgery form field "__RequestVerificationToken" is not present
I am using the default project of ASP.NET MVC generated with visual studio 2015 template.
Login.cshtml:
#using (Html.BeginForm("Login", "Account", new { ReturnUrl = ViewBag.ReturnUrl }, FormMethod.Post, new { #class = "form-horizontal", role = "form" }))
{
#Html.AntiForgeryToken()
...
}
AccountController:
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
{
...
}
Machine Key definition in web.config:
<machineKey validationKey="6237432C07086CE1A8FAAD3CC71A3AC1DE0B22DE9061D7CAF798E5B18E6E888D7A3F88004D0A928952CB81598ED565B26F8175E30294B1F5A1F3220229163F1C"
decryptionKey="E61A22E8DEE09CB4640B2863705CE6BC95E64C8797CAB8CAE7463BE7F9AB1B94"
validation="SHA1"
decryption="AES" />
Generated HTML page:
<form action="/Account/Login" class="form-horizontal" method="post" role="form">
<input name="__RequestVerificationToken" type="hidden" value="Ei4E03S5nvvdR9N2KJg8aGDQK9fI3xbBJLJzT3z3c7QAyyxbGf11ncmTAiD-8itHoKWYuNNghOsmyTS2hBDlmkv7Ttk1" />
I have a cookie in my browser with name __RequestVerificationToken and value qM5XwYIQiiHk2lumHWcXHOPPji2VptN95X0FDLneyXSN3_sGrF6fe7zt8KHC5MjopQoBh9sJl5vEJLGOAzy1h-8R-nk1 that expires on session end: When the browsing session ends.
This errors is not happening on local with IIS Express, but after I deployed project to a server, this error occurred.
Clearing cookie and restarting browser did not solve the issue.
Any idea?
EDIT:
I removed anti-forgery token from both controller and view and found something strange: form submits data without any problem but somewhere between submitting and validation, all fields become null or empty. __RequestVerificationToken became null before validation and this causes the problem. Now I am investigating on this new problem :(
In Your Web.config find <httpCookies requireSSL="true" />property and comment it out , or set up You project to always Use SSL.
I'm trying to submit a simple form for my ASP.NET MVC website, but I keep getting a StackOverFlow Exception. I don't understand what I'm doing wrong; it should be a pretty straightforward process...
Here is the form code:
<form action="/Home/SubmitAnnouncements" method="post">
<textarea name="announcementcode" style="width:100%; height:800px">#Model.RawAnnouncementCode</textarea>
<div id="find_account" class="two columns"><input id="find_account_btn" class="link_button" type="submit" name="Submit" value="Submit New Announcements" /></div>
</form>
And here is the Controller code for the action:
[HttpPost, ValidateInput(false)]
public ActionResult SubmitAnnouncements(string announcementcode)
{
SubmitAnnouncements(announcementcode);
return RedirectToAction("Index", "Home");
}
This problem stated when I added [HttpPst, ValidateInput(false)], but I need to do that, because the user is submitting raw HTML code. Any ideas anyone?
The ValidateInput attribute didn't cause your error, you just never reached the point in your code that causes the StackOverflowException until it was added.
If you look at the first line of your action, you'll notice you're calling the same method.
I am working with a credit card payment gateway. The access to gateway is written in ColdFusion (8). I am developing a new web site in asp.net/C# and using this payment gateway in ColdFusion. I could sucessfully post data from HTML form in my asp.net page to ColdFusion page. After processing the payment the ColdFusion page posts back a form with data to the asp.net page.
<cfoutput>
<form name="frmupdate" method="post" action="#return_url#">
<input type="hidden" name="ordernumber" value="#order_no">
</form>
</cfoutput>
The redirection is done correctly and debug point in asp.net page (return_url) is hit. When I try to access the form field "ordernumber" (Request.Form["ordernumber"]) it always returns null. Cannot change the logic in ColdFusion. Please give me a hint to make this work. Or any basic rule I have forgotten?
The complete code should be:
<cfoutput>
<form name="frmupdate" method="post" action="#return_url#">
<input type="hidden" name="ordernumber" value="#order_no#">
</form>
</cfoutput>
I'm using umbraco with extensionless urls.
I've inserted a simple piece of HTML in one of my masterpages (en/test) :
<form method="post" enctype="multipart/form-data">
<input type="submit" />
</form>
When I press the submit button, I get a 404. The path is exactly the same and should exist.
When I remove the enctype part, the submit occurs fine.
I can't figure out how to fix this, but I bet it has something to do with the rewriting.
I also tried the following without success:
<form method="post" enctype="multipart/form-data" action="/en/test">
<input type="submit" />
</form>
<form method="post" enctype="multipart/form-data" action="/en/test.aspx">
<input type="submit" />
</form>
The only page where I CAN use the enctype attribute, is on the actual homepage. I guess this has to do with the fact that the physic default.aspx exists.
=============== UPDATE =================
There is only one form element in the page, the one that I've inserted. So a "whole page" form element is certainly not the case. Secondly, yes the form is in theory posting back to itself. I also tried an empty action tag, plus an action tag with the full url as suggested, with the same results.
When I either use the following scenario's:
No action attribute
action=""
action="{relative path}"
action="{absolute path}"
I end up on exact same URL as where I fired the submit from. But it's a 404. When I press the enter key in my address bar, no 404, I'm back at my original page with the same URL.
First question I should ask is do you get a 404 when you browse to "/en/test" or "/en/test.aspx". For the form to post back to itself try an empty action e.g. action="" or writing the current url into the action attribute. And one further question, do you have another form wrapped around your page with the runat="server" attribute because if you have you will end up with nested forms which will also cause you issues.
On a side node I would strongly suggest upgrading your installation to at least v4.11.4 due to a bug that was introduced in 4.10. Please see the following for details...
Trying to publish a root node (parent) after unpublishing a child result in a YSOD:
http://issues.umbraco.org/issue/U4-1491
Path Fixup
http://our.umbraco.org/projects/developer-tools/path-fixup