I am attempting to use the ValidateAntiForgeryToken to prevent cross site forgery on my application. Keep getting the error
the required anti-forgery form field __requestverificationtoken is not present
Been seeing a lot of chatter on this but I have been unable to come up with a solution.
The code:
in my Index.cshtml, setting the AntiForgeryToken:
@using (Html.BeginForm(null, null, FormMethod.Post, new { id = "__AjaxAntiForgeryForm" }))
{
@Html.AntiForgeryToken()
}
in my ajax.utilities post method, setting the token:
var post = function (options, callbacks) {
// set default POST options
options.type = "POST";
options.dataType = options.dataType !== undefined ? options.dataType : "json";
options.contentType = options.contentType !== undefined ? options.contentType : "application/json; charset=utf-8";
var form = $('#__AjaxAntiForgeryForm');
var token = $('input[name="__RequestVerificationToken"]', form).val();
return sendRequest(options, callbacks);
};
my jquery sets the header properly i.e. "X-Requested-With":
if ( !options.crossDomain && !headers[ "X-Requested-With" ] ) {
headers[ "X-Requested-With" ] = "XMLHttpRequest";
}
finally in my controller I designate the HttpPost and ValidateAntiForgery attributes:
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult CreateComposite(string name, int compositeTypeId, int componentTypeId, DateTime inceptionDate)
{
return DispatchCommandWithJsonReturn(new CompositeCommands.CreateComposite(name, compositeTypeId, componentTypeId, inceptionDate));
}
I still get the error the required anti-forgery form field __requestverificationtoken is not present
Using MVC 5, I don't know if that is relevant
Any ideas what is wrong?
edit: I've seen this issue elsewhere on the site, tried to make edits suggested, to no avail.
