Question
I have an MVC2 application. I am trying to implement AntiForgeryToken helper to prevent CSRF attacks.
I am implementing this using Steve Sanderson's blog: http://blog.stevensanderson.com/2008/09/01/prevent-cross-site-request-forgery-csrf-using-aspnet-mvcs-antiforgerytoken-helper/
When I implement this in a NEW MVC2 project it works. But the same code when I put it in my REAL application, it ALWAYS throws this exception: A required anti-forgery token was not supplied or was invalid.
Here is my Controller code:
[ValidateAntiForgeryToken]
public ActionResult SubmitUpdate()
{
    // Something goes here
    return View();
}
Code in View:
<% using (Html.BeginForm("SubmitUpdate", "Test"))
   {%>
    <%= Html.AntiForgeryToken() %>
    <input type="submit" value="Submit" />
<% } %>
There is no difference in the two apps except that the real application uses ADFS for authentication. What am I missing? Any help will be highly appreciated. Thanks!
Answer 1:
Have you tried deleting your cookies and trying again?
Answer 2:
Answer may lie in the answer to this question regarding a KB patch as well as ensuring the Machine key is static between all servers in your farm/cluster etc.
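The static machine key that Answer 2 refers to is set in web.config. The fragment below is an added example, not configuration from the question or the answers; the key values are placeholders and the algorithm choices are assumptions to adapt to your environment.

```xml
<configuration>
  <system.web>
    <!--
      ASP.NET default (shown for contrast, commented out): keys are generated
      per machine and per application. A token protected on one node cannot be
      validated on another, and tokens issued before a key change stop
      validating, which surfaces as the anti-forgery exception in the question.

      <machineKey validationKey="AutoGenerate,IsolateApps"
                  decryptionKey="AutoGenerate,IsolateApps" />
    -->

    <!--
      Pinned keys: deploy the identical element to every server that can
      receive the form GET or the form POST. The values are placeholders:
      generate random hex keys with a cryptographic RNG, keep them out of
      source control, and treat them as secrets, because they also protect
      view state and forms-authentication tickets.
    -->
    <machineKey validationKey="PLACEHOLDER_VALIDATION_KEY_HEX"
                decryptionKey="PLACEHOLDER_DECRYPTION_KEY_HEX"
                validation="SHA1"
                decryption="AES" />
  </system.web>
</configuration>
```

After changing the key, browsers still hold anti-forgery cookies protected under the old one, which is the situation Answer 1's suggestion of deleting cookies addresses.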
Source: https://stackoverflow.com/questions/6792435/antiforgery-exception-a-required-anti-forgery-token-was-not-supplied-or-was-inv