0

The required anti-forgery cookie "_RequestVerificationToken..." is not present

I am getting this error on one specific machine. On that machine user gets it in two different browsers. rebooting, restarting browser, cleaning cookies, and restarting IIS App pool didn't solve the issue. On different machines this web app works fine.

conttroller:

[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult Edit(MyModel thisObject)
{
}

page:

<body>
@using (Html.BeginForm())
{
    @Html.AntiForgeryToken()
....
    <input type="submit" value="Save" class="btn btn-primary" />
}

Any idea what's going on here?

shlasasha
  • 165
  • 1
  • 14
  • Please check whether your web.config contains ``, if so, please comment it out. – samwu Apr 15 '21 at 02:57
  • @samwu it has been commented out before :) even if it wasn't how does it explain that this is problem for one user and not another? – shlasasha Apr 15 '21 at 13:12
  • Similar questions can be used as a reference.[https://stackoverflow.com/questions/16102957/the-required-anti-forgery-form-field-requestverificationtoken-is-not-present](https://stackoverflow.com/questions/16102957/the-required-anti-forgery-form-field-requestverificationtoken-is-not-present). – samwu Apr 21 '21 at 07:07

1 Answers1

0

When adding the AntiForgeryToken reference in the form, it generates a hidden input marked name=__RequestVerificationToken. Get the value of that input and add that to your call as a parameter. Check the answer to this post for details include antiforgerytoken in ajax post ASP.NET MVC

John Rodriguez
  • 71
  • 1
  • 5
  • I thought ASP.net does all that for me. Anyhow it works for everybody except one user. Any idea why, and how to fix it? – shlasasha Apr 15 '21 at 13:09
  • Is the issue happening on that user's machine or when you are testing as that user on your development machine? If it's on their machine, their browser could be caching and outdated token? – John Rodriguez Apr 15 '21 at 13:14
  • It is happening on user machine in two different browsers Chrome and Edge. Edge she didn't use before for this site. – shlasasha Apr 15 '21 at 18:29