  • Dan Mothersole 22 posts 109 karma points
    Jun 19, 2013 @ 16:38
    Dan Mothersole
    0

    Implementing the ValidateAntiForgeryToken with Umbraco 6.0.3

    Hi,

    I am trying to implement the ValidateAntiForgeryToken inside my Umbraco 6.0.3 solution but I am running into the error below.

    I believe I am using this correctly for a standard MVC project but I can't get this to work with Umbraco. I have searched for any documentation on this but have not come across any. So if anyone could help me or point me towards the documentation I would be very grateful.

    My Implementation 

    ## Controller ##

    [ValidateAntiForgeryToken]
    public override ActionResult Index(RenderModel model)
    {
        ....
    }

     

    ## View ##

    @inherits Umbraco.Web.Mvc.UmbracoTemplatePage
    @{
        Layout = "~/Views/Shared/_Layout.cshtml";
    }
    @Html.AntiForgeryToken()

     

    ## Standard MVC Error ## 

     

    Server Error in '/' Application.

    The required anti-forgery cookie "__RequestVerificationToken" is not present.

    Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. 

    Exception Details: System.Web.Mvc.HttpAntiForgeryException: The required anti-forgery cookie "__RequestVerificationToken" is not present.

    Source Error: 

    An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.


    Stack Trace: 

    [HttpAntiForgeryException (0x80004005): The required anti-forgery cookie "__RequestVerificationToken" is not present.]
       System.Web.Helpers.AntiXsrf.TokenValidator.ValidateTokens(HttpContextBase httpContext, IIdentity identity, AntiForgeryToken sessionToken, AntiForgeryToken fieldToken) +235334
       System.Web.Helpers.AntiXsrf.AntiForgeryWorker.Validate(HttpContextBase httpContext) +71
       System.Web.Helpers.AntiForgery.Validate() +80
       System.Web.Mvc.ValidateAntiForgeryTokenAttribute.OnAuthorization(AuthorizationContext filterContext) +22
       System.Web.Mvc.ControllerActionInvoker.InvokeAuthorizationFilters(ControllerContext controllerContext, IList`1 filters, ActionDescriptor actionDescriptor) +96
       System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName) +324
       System.Web.Mvc.<>c__DisplayClass1d.<BeginExecuteCore>b__19() +23
       System.Web.Mvc.Async.<>c__DisplayClass1.<MakeVoidDelegate>b__0() +19
       System.Web.Mvc.Async.<>c__DisplayClass8`1.<BeginSynchronous>b__7(IAsyncResult _) +10
       System.Web.Mvc.Async.WrappedAsyncResult`1.End() +62
       System.Web.Mvc.Controller.EndExecuteCore(IAsyncResult asyncResult) +57
       System.Web.Mvc.Async.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar) +23
       System.Web.Mvc.Async.WrappedAsyncResult`1.End() +62
       System.Web.Mvc.Controller.EndExecute(IAsyncResult asyncResult) +47
       System.Web.Mvc.Controller.System.Web.Mvc.Async.IAsyncController.EndExecute(IAsyncResult asyncResult) +10
       System.Web.Mvc.<>c__DisplayClass8.<BeginProcessRequest>b__3(IAsyncResult asyncResult) +25
       System.Web.Mvc.Async.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar) +23
       System.Web.Mvc.Async.WrappedAsyncResult`1.End() +62
       System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult) +47
       System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.EndProcessRequest(IAsyncResult result) +9
       System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +9628700
       System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +155
  • David Brendel 792 posts 2970 karma points MVP 3x c-trib
    Jun 19, 2013 @ 16:46
    David Brendel
    101

    Hi,

    I think the problem is that when the Index method is called on your controller the AntiForgeryToken is not present at all.

    That's because you call the Html.AntiForgeryToken() when the view is rendered and that is after the controller is executed.

    The only way I used the Html.AntiForgeryToken is when I'm submitting form data to a controller. I don't think that it is useful when just rendering a page.

    Maybe I get something wrong?

  • Andy Butland 422 posts 2334 karma points MVP 4x hq c-trib
    Jun 19, 2013 @ 16:59
    Andy Butland
    0

    Yes, that's correct David.  It's used to prevent cross site request forgery attacks which are all about posted forms.  So it's not intended or useful for just rendering pages.

    To use it, decorate the action method that handles the form post back, and place the @Html.AntiForgeryToken() call within the form in your view.

  • Dan Mothersole 22 posts 109 karma points
    Jun 20, 2013 @ 10:22
    Dan Mothersole
    0

    Hi,

    Thanks for the feedback, this was for a test project to get a feel for Umbraco. I have added a new post event and everything fell into place.

    Cheers for pointing out my mistake :)
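
The arrangement the replies describe, as an added example that is not code from any poster in this thread: the token is emitted inside the form on the rendering request and validated only on the action that handles the POST. `ContactFormModel`, `ContactSurfaceController` and the partial view path are hypothetical names, and the sketch assumes Umbraco 6's `SurfaceController` and `Html.BeginUmbracoForm`.

```csharp
using System.ComponentModel.DataAnnotations;
using System.Web.Mvc;
using Umbraco.Web.Mvc;

// Hypothetical form model and controller names (not from the thread).
public class ContactFormModel
{
    [Required]
    public string Message { get; set; }
}

public class ContactSurfaceController : SurfaceController
{
    // GET side: only renders the form. No [ValidateAntiForgeryToken] here,
    // because on this request the browser has not yet been given the
    // __RequestVerificationToken cookie or the hidden form field.
    [ChildActionOnly]
    public ActionResult RenderForm()
    {
        return PartialView("ContactForm", new ContactFormModel());
    }

    // POST side: the attribute is an authorization filter, so it runs before
    // the action body and throws HttpAntiForgeryException unless the cookie
    // and the hidden field are both present and match.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult Submit(ContactFormModel model)
    {
        if (!ModelState.IsValid)
            return CurrentUmbracoPage();
        // ... state-changing work goes here ...
        return RedirectToCurrentUmbracoPage();
    }
}

/* Views/Partials/ContactForm.cshtml (hypothetical path):
@model ContactFormModel
@using (Html.BeginUmbracoForm<ContactSurfaceController>("Submit"))
{
    @Html.AntiForgeryToken()
    @Html.TextAreaFor(m => m.Message)
    <input type="submit" value="Send" />
}

The page template renders the form with:
@Html.Action("RenderForm", "ContactSurface")
*/
```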
