We have a website that uses MVC3 and a proprietary authentication method that does not rely on forms authentication at all - at least from what I can say. In web.config we install
<authentication mode="None"></authentication>
and we never use / install HttpContext.User anywhere in the code. The problem is that when using @ Html.AntiForgeryToken () in some cases, the user receives this error message:
A required anti-forgery token was not supplied or was invalid
We centralize all anti-lock checks in OnAuthorization with this code:
if (String.Compare(filterContext.HttpContext.Request.HttpMethod, "post", true) == 0)
{
var forgery = new ValidateAntiForgeryTokenAttribute();
forgery.OnAuthorization(filterContext);
}
This is where the exception occurs. defined machineKey in the web.config file to prevent new keys from appearing when reusing the application pool. This did not fix the problem.
, , , cookie. cookie , cookie RequestVerificationToken_Lw , - - cookie, , Google Analytics, . , - cookie ?
, - . ? AntiForgeryToken, . , 90% , , .
?
!