Geek Answers Handbook

ASP.NET MVC 3 website anti-counterfeiting token not only on IE

In my MVC 3 project, I have a login page that uses the anti-fake logic built into MVC 3.

In Firefox and Opera everything works fine, but in IE I get the following:

A required anti-forgery token was not supplied or was invalid.

I'm really fixated on why only IE suffers from this, I checked the cookie settings and they are set in the same way as other browsers, so I got lost here.

When I use the anti-fake code, I use both SALT and domain verification (which does not matter, but it’s worth saying).

Here is the view code:

 @model login.Models.LogOnModel @{ ViewBag.Title = "Log On"; } <script src="@Url.Content("~/Scripts/jquery.validate.min.js")" type="text/javascript"> </script> <script src="@Url.Content("~/Scripts/jquery.validate.unobtrusive.min.js")" type="text/javascript"></script> <script type="text/javascript"> $(function () { //focus on form. $("#UserName").focus(); }); </script> @using (Html.BeginForm("LogOn", "Account", FormMethod.Post, new { @class = "form login" })) { @Html.AntiForgeryToken(" !@ #Hq4(", ViewBag.AppDomain, "/") <div id="box"> <h1>Login</h1> Please enter your username and password. @Html.ActionLink("Register", "Register") if you don't have an account. <div class="block" id="block-login"> <h2> Login Form</h2> <div class="content login"> @Html.ValidationSummary(true) <div class="group buffer"> <div class="left"> <label class="label right"> @Html.LabelFor(m => m.UserName)</label> </div> <div class="right"> @Html.TextBoxFor(m => m.UserName, new { @class = "text_field" }) @Html.ValidationMessageFor(m => m.UserName) </div> </div> <div class="group buffer"> <div class="left"> <label class="label right"> @Html.LabelFor(m => m.Password)</label> </div> <div class="right"> @Html.PasswordFor(m => m.Password, new { @class = "text_field" }) @Html.ValidationMessageFor(m => m.Password) </div> </div> <div class="group buffer"> <div class="left"> <label class="label right"> @Html.LabelFor(m => m.RememberMe)</label> </div> <div class="right"> @Html.CheckBoxFor(m => m.RememberMe) </div> </div> <div class="group navform buffer"> <div class="right"> <button class="button" type="submit"> <img src="@Url.Content("~/Content/images/icons/key.png")" alt="Save" /> Login </button> </div> </div> </div> </div> </div> }

ViewBag.AppDomain is the value from web.config for easy customization during testing and use.

If I remove part of the domain and the path from the antiforgery tag, it works fine. Therefore, one of these two problems should be a problem.

+7
source share
3 answers

Not my favorite idea, but until I can figure it out, I extracted the domain settings and the paths that make IE happy.

If anyone has a suggestion, I am open, but for now I will agree to squeeze out the token.

Thank you all for your help.

0
source

I had a similar problem when using the special AntiCSRF marker creator. I have not used MVC3, but this may be a problem with similer.

The problem for me was that the domain name that I used locally to test the site had an underscore in it. Theoretically, the DNS name cannot have an underscore (although there may be a computer name), so IE did not save cookies.

This may not be the same problem, but there might be something related to the test environment and the way IE IE protects cookies.

Here is a very interesting article on the inside of IE cookie processing that can help you identify a problem.

http://blogs.msdn.com/b/ieinternals/archive/2009/08/20/wininet-ie-cookie-internals-faq.aspx

+6
source

I had the same problem as in the MVC3 project built in VS2010 and viewed through IE 11 (it works fine in Firefox).

I managed to get around this by adding cookieeless = "UseCookies" to the "forms" element in the web.config file in the root directory:

 <authentication mode="Forms"> <forms loginUrl="~/Account/LogIn" timeout="2880" slidingExpiration="true" requireSSL="false" cookieless="UseCookies"/> </authentication>
+1
source

More articles:


All Articles