Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at

  • Simon Dingley 1472 posts 3429 karma points c-trib
    Feb 03, 2017 @ 12:43
    Simon Dingley

    UmbracoAuthorizedJsonController - 417 Missing token

    I have another issue I am trying to iron out and in the process of trying to simplify the issue I've created the most simple UmbracoAuthorizedJsonController implementation as follows:

    public class DataMigratorController : UmbracoAuthorizedJsonController
        public object HelloWorld()
            return new { Message = "Hello World" };

    If I browse to /umbraco/backoffice/Myplugin/DataMigrator/HelloWorld before login I get the expected 401 Unauthorized - great, that's what I want! However, when I login to Umbraco and then load the same path I get a 417 Missing token error returned. I've read numerous posts on here about deleting cookies, clearing cache and incrementing the ClientDependency version number and none have helped.

    Not sure where to go from here?

    Umbraco v7.5.8

  • Simon Dingley 1472 posts 3429 karma points c-trib
    Feb 03, 2017 @ 13:26
    Simon Dingley

    I have only 4 cookies set when this occurs:

    enter image description here

  • Dave Woestenborghs 3504 posts 12134 karma points MVP 8x admin c-trib
    Feb 03, 2017 @ 13:37
    Dave Woestenborghs

    Hi Simon,

    The HttpGet attribute can be the wrong one. There is one in the System.Web.Mvc namespace and one in the System.Web.Http.

    In Web API you need to use the last one. I had a similar issue once where I used the wrong one.


  • Simon Dingley 1472 posts 3429 karma points c-trib
    Feb 03, 2017 @ 13:51
    Simon Dingley

    Thanks Dave, I double checked that when I setup my test controller. Turns out the issue kind of wasn't an issue but the method of attempting to verify the controller was working - it needed to be called from Angular and not a browser!

  • Simon Dingley 1472 posts 3429 karma points c-trib
    Feb 03, 2017 @ 13:45
    Simon Dingley

    So I learnt something new here...

    If I setup a quick angular controller to call this API it works!

    There is a note in the source for the UmbracoAuthorizedJsonController stating

    Inheriting from this controller means that ALL of your methods are JSON methods that are called by Angular, methods that are not called by Angular or don't contain a valid csrf header will NOT work.

    So, that's one problem solved and I now know that I can't test UmbracoAuthorizedJsonController based implementations using browser based GET requests. Hopefully, this post saves someone else some time!

  • Bassem Elkadeem 3 posts 73 karma points
    Mar 31, 2023 @ 22:56
    Bassem Elkadeem

    Thanks you already save my time in it ^_^.

Please Sign in or register to post replies

Write your reply to: