2

I've been adding AntiForgeryToken to my site, but I keep getting to errors which refer to my login page (POST)

  1. "The required anti-forgery cookie "__RequestVerificationToken" is not present."

  2. The provided anti-forgery token was meant for user "", but the current user is "userXYZ".

My Login page is like so:

<form action="~/Login" method="post">
 @Html.AntiForgeryToken()
...
</form>

[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult Login(login a)
{
}

I've looked at this:

The required anti-forgery form field "__RequestVerificationToken" is not present Error in user Registration

and this
Anti forgery token is meant for user "" but the current user is "username"

But it's not clear to me what the answer is?

Any ideas?

Blauharley
  • 4,186
  • 6
  • 28
  • 47
D-W
  • 5,201
  • 14
  • 47
  • 74
  • Have you tried all of the proposed solutions in the first link? Checked your web.config and solution properties? Tried using @using(Html.BeginForm())? – f78xd23 Dec 31 '17 at 15:29

1 Answers1

0

Ok, so I have solved\fixed my second question.

So the user would login, then press back, login in again and then get

"The provided anti-forgery token was meant for user "", but the current user is "userXYZ"."

So an exception was actually being thrown in my dependency injection, it was asking for a controller which does not exist. So I found this site http://www.learnsharecorner.com/asp-net/fixed-httpantiforgeryexception-the-provided-anti-forgery-token-was-meant-for-user-but-the-current-user-is-username/

placed the following on my GET

[OutputCache(NoStore = true, Duration = 0, VaryByParam = "None")]

And the issue has gone (tho would like to get the bottom of it still).

Tho still seeking a solution to question 1?

D-W
  • 5,201
  • 14
  • 47
  • 74
  • Did you ever solve this? I am hitting it now, and I don't understand it –  Jun 01 '23 at 20:22