Implementing the ValidateAntiForgeryToken with Umbraco 6.0.3
Hi,
I am trying to implement the ValidateAntiForgeryToken inside my Umbraco 6.0.3 solution but I am running into the error below.
I believe I am using this correctly for a standard MVC project but I can't get this to work with Umbraco. I have searched for any documentation on this but have not come across any. So if anyone could help me or point me towards the documentation I would be very grateful.
My Implementation
## Controller ##
    [ValidateAntiForgeryToken]
    public override ActionResult Index(RenderModel model)
    {
        ....
    }
## View ##
    @inherits Umbraco.Web.Mvc.UmbracoTemplatePage
    @{
        Layout = "~/Views/Shared/_Layout.cshtml";
    }
    @Html.AntiForgeryToken()
## Standard MVC Error ##
Server Error in '/' Application.
The required anti-forgery cookie "__RequestVerificationToken" is not present.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Web.Mvc.HttpAntiForgeryException: The required anti-forgery cookie "__RequestVerificationToken" is not present.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
Hi,
I think the problem is that when the Index method is called on your controller the AntiForgeryToken is not present at all.
That's because you call the Html.AntiForgeryToken() when the view is rendered and that is after the controller is executed.
The only way I used the Html.AntiForgeryToken is when I'm submitting form data to a controller. I don't think that it is useful when just rendering a page.
Maybe I get something wrong?
Yes, that's correct David. It's used to prevent cross site request forgery attacks which are all about posted forms. So it's not intended or useful for just rendering pages.
To use it, decorate the action method that handles the form post back, and place the @Html.AntiForgeryToken() call within the form in your view.
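The arrangement described in the answer above, as an added example that is not part of the original thread: the token check sits on a POST-only action of an Umbraco surface controller, and the token is emitted inside the form that posts to it. `ContactSurfaceController`, `ContactModel`, `Submit` and the `Message` field are hypothetical names chosen for illustration.

```csharp
using System.Web.Mvc;
using Umbraco.Web.Mvc;

// Hypothetical form model for this example.
public class ContactModel
{
    public string Message { get; set; }
}

// Hypothetical surface controller: it handles only the form post, so the
// page's GET rendering (the Index action in the question) stays undecorated.
public class ContactSurfaceController : SurfaceController
{
    [HttpPost]
    [ValidateAntiForgeryToken] // checks the hidden form field against the cookie
    public ActionResult Submit(ContactModel model)
    {
        if (!ModelState.IsValid)
        {
            // Re-render the current page with validation messages.
            return CurrentUmbracoPage();
        }

        // ... process model.Message here ...

        // Post/Redirect/Get: a browser refresh does not resubmit the form.
        return RedirectToCurrentUmbracoPage();
    }
}

/* Matching Razor view (hypothetical template), kept as a comment so the
   example stays in one block:

@inherits Umbraco.Web.Mvc.UmbracoTemplatePage
@{
    Layout = "~/Views/Shared/_Layout.cshtml";
}
@using (Html.BeginUmbracoForm("Submit", "ContactSurface"))
{
    @* Emits the hidden __RequestVerificationToken field and sets the cookie. *@
    @Html.AntiForgeryToken()
    <textarea name="Message"></textarea>
    <input type="submit" value="Send" />
}
*/
```

The first GET of the page renders the form and issues the cookie; only the later POST carries both values, which is why validating on the render action fails with the "cookie is not present" error.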
Hi,
Thanks for the feedback, this was for a test project to get a feel for Umbraco. I have added a new post event and everything fell into place.
Cheers for pointing out my mistake :)