AntiForgery exception: the required anti-forgery token was not specified or was invalid

I have an MVC2 application. I am trying to implement the AntiForgeryToken helper to prevent CSRF attacks.

I implemented this using Steve Sanderson's blog: http://blog.stevensanderson.com/2008/09/01/prevent-cross-site-request-forgery-csrf-using-aspnet-mvcs-antiforgerytoken-helper/

When I implement this in a new MVC2 project, it works. But the same code, when I put it in my REAL application, ALWAYS throws this exception: The required anti-forgery token was not specified or was invalid.

Here is my controller code:

    [ValidateAntiForgeryToken]
    public ActionResult SubmitUpdate()
    {
        // Something goes here
        return View();
    }

Code in view:

    <% using (Html.BeginForm("SubmitUpdate", "Test")) {%>
        <%= Html.AntiForgeryToken() %>
        <input type="submit" value="Submit" />
    <% } %>

There is no difference in the two applications, except that the real application uses ADFS for authentication. What am I missing? Any help would be greatly appreciated. Thanks!

+4
2 answers

Did you try to delete your cookies and try again?

+1

The answer may lie in the answer to this question regarding the KB patch, as well as the fact that the Machine key is static between all the servers in your farm / cluster, etc.

0
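To illustrate the machine key point in the answer above, here is a web.config fragment showing the default auto-generated key setting next to an explicit key shared by every server. It is an added example, not part of the original question or answers, and the key values are placeholders to be replaced with keys you generate yourself.

```xml
<!-- Added illustration: web.config fragment. Key values are placeholders. -->
<configuration>
  <system.web>

    <!--
      Default when no machineKey element is present. Each server (and, with
      IsolateApps, each application) derives its own keys, so an anti-forgery
      token issued by one node fails validation on another node.

      <machineKey validationKey="AutoGenerate,IsolateApps"
                  decryptionKey="AutoGenerate,IsolateApps" />
    -->

    <!--
      Explicit keys. Deploy the identical element to every server in the
      farm so that a token produced on one node validates on all of them.
      All nodes must also agree on the validation and decryption algorithm
      settings if you override them.
      Treat both values as secrets: generate them randomly and keep them
      out of source control.
    -->
    <machineKey validationKey="REPLACE_WITH_GENERATED_HEX_VALIDATION_KEY"
                decryptionKey="REPLACE_WITH_GENERATED_HEX_DECRYPTION_KEY" />

  </system.web>
</configuration>
```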