anti forgery token using rest client

Question

I have a mvc site and I use the ValidateAntiForgeryToken on some of my action methods. On view I have the following line of code:

 @Html.AntiForgeryToken()

The problem starts when I tried to call the function using postman rest client. I get an error:

The required anti-forgery form field "__RequestVerificationToken" is not present.

I tried sending the cookies needed as such: Cookie: ASP.NET_SessionId=hgpv04mkuldbex45im3gco; __RequestVerificationToken=2Of_03RzDacR4Hf-sWS3f_G0kZs1

But still getting the same error. Anyone knows what the hell am I missing please?

do you really want to use the anti forgery token? If not just remove the [ValidateAntiForgeryToken] attribute from the controller... — BillRuhl, Feb 23 '17 at 16:08
Are you interacting with a Web Api action? Web Api doesn't support cookies (since it is *REST-based* and *REST* doesn't support cookies). The `_RequestVerificationToken` must be provided as a header or in the request body. — Chris Pratt, Feb 23 '17 at 18:42

score 0 · Answer 1 · answered Feb 23 '17 at 16:10

0

It is two part

Part 1 is to add to the cshtml

@Html.AntiForgeryToken()

Part 2 is to add this to the method

[HttpPost]  
[ValidateAntiForgeryToken]  
public ActionResult CreateSomething(Something model)  
{
  if (ModelState.IsValid)  
  {
    //your logic 
  }
  return View(ModelName);
}

answered Feb 23 '17 at 16:10

KenL

865
5
14

part 3, if you are doing webApi -> http://stackoverflow.com/questions/11476883/web-api-and-validateantiforgerytoken – KenL Feb 23 '17 at 16:12

anti forgery token using rest client

1 Answers1