0

I'm passing anti-forgery token still getting, The required anti-forgery form field __RequestVerificationToken is not present error.

Here is my form 

   @using (Html.BeginForm(null, null, FormMethod.Post, new { id = "create" }))
    {
        @Html.AntiForgeryToken()

        <div class="form-horizontal">
        ..............
         <div class="form-group">
                <div class="col-md-offset-2 col-md-10">
                    <input id="submit" type="submit" value="Create" class="btn btn-default" />
                </div>
            </div>
       </div>
    }

And here is my ajax call

    $(function () {
        $("#submit").click(function (event) {
            event.preventDefault();
            var form = $('#create');
            var token = $('input[name="__RequestVerificationToken"]', form).val();

            $.ajax({
                type: "POST",
                url: "/Create/Index",
                data:{
                    __RequestVerificationToken: token,
                    Title: $("#Title").val(),
                    Description: $("#Description").val()
                },
                contentType: "application/json; charset=utf-8",
                dataType: "json",
                success: function (data) {
                    console.log(data);
                },
                error: function (data) {
                    console.log(data);
                }
            });
        });
    });

I don't have requireSSL true in web.config as this post says https://stackoverflow.com/a/28786181/2238873

Where I'm doing wrong, please help me.

Leonardo Henriques
  • 784
  • 1
  • 7
  • 22
vinayak hegde
  • 2,117
  • 26
  • 26
  • 1
    Remove `contentType: "application/json; charset=utf-8",` (you not stringfying the data, and if you did you would not get the token anyway) –  Mar 14 '18 at 09:17
  • And as a side note, do not handle the buttons `.click()` event - handle the forms `.submit()` event (and cancel it) so you can check that the form is valid before making the ajax call. –  Mar 14 '18 at 09:19
  • uff! .... Removing the content type worked, but I tried with JSON.Stringify() that didn't work. Wasted half a day for this... Thanks @StephenMuecke – vinayak hegde Mar 14 '18 at 09:25
  • It does not work because the `[ValidateAntiForgeryToken]` attribute reads the values from the request, and when you stringify the data, its just a `string` - there is no name/value pair for `__RequestVerificationToken` (although you can create a custom attribute if stringying the data is necessary, but that would be extremely rare in mvc) –  Mar 14 '18 at 09:29
  • Note also that since your `id` attributes suggest you have generated the view correctly, all you need is `data: $('form').serialize(),` to correctly serialize the form including the token. –  Mar 14 '18 at 09:35
  • Can you please put your controller code also? – Govinda Rajbhar Mar 14 '18 at 10:10
  • https://stackoverflow.com/a/14473764/2798643 May solve your problem – Govinda Rajbhar Mar 14 '18 at 10:14

0 Answers0