Is it possible to use the MVC3 AntiForgeryToken from a non-MVC3 client (and use it in a SignalR hub)?

Question

With SignalR, in my web app, I am invoking server-side methods from the client using JavaScript. The Hub is in a MVC3 project, and the client calls are made from a classic ASP application (since it's JS that's making the calls, it could be any other framework).

If I add the System.Web.MVC namespace and decorate my hub methods with [ValidateAntiForgeryToken], how can I use an anti-forgery token generated by the server (similar to what I did here) and pass it along with client requests?

score 2 · Accepted Answer · answered Mar 21 '12 at 11:10

2

No the 2 system don't talk to each other that way. None of the mvc pipeline runs when you call into signalr. You'll have to run do manual verification to make that work.

answered Mar 21 '12 at 11:10

davidfowl

37,120
7
93
103

Is it possible to use the MVC3 AntiForgeryToken from a non-MVC3 client (and use it in a SignalR hub)?

1 Answers1