Question

Opened my application in IE.

I created a dummy HTML file and copied the generated hidden field '__RequestVerificationToken' to the dummy page. On form submit of this HTML file I am calling my service. When I opened this dummy page in another tab in IE and submitted it, I saw that I was able to submit the data successfully.

ValidateAntiForgeryToken failed in this case.

Can anyone guide me on how this kind of issue can be resolved?


Solution 2

I got the answer to my question.

ValidateAntiForgeryToken compares the cookie value with the _requestVerificationToken hidden value. So when an HTML page that has the _requestVerificationToken hidden field value (copied from the application) is opened in a new tab, submitting this page passes ValidateAntiForgeryToken validation because the cookie value is the same for both tabs.
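The cookie-to-hidden-field comparison described in the answer above, as an added example that is not part of the original post and is not ASP.NET's real token format: a simplified model in which the field value is an HMAC of the cookie value. The class name, key and token layout are assumptions made for illustration; it shows the copied field validating when the same cookie accompanies it and failing when the cookie differs or is missing.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Simplified model of a cookie / hidden-field token pair (hypothetical, not MVC's format).
static class AntiForgeryModel
{
    // Server-side secret, constructed for this example.
    static readonly byte[] ServerKey = RandomNumberGenerator.GetBytes(32);

    // Issue a pair: a random cookie value and a field value bound to it.
    public static (string Cookie, string Field) Issue()
    {
        string cookie = Convert.ToBase64String(RandomNumberGenerator.GetBytes(16));
        return (cookie, Derive(cookie));
    }

    static string Derive(string cookie)
    {
        using var hmac = new HMACSHA256(ServerKey);
        return Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(cookie)));
    }

    // Validation only asks whether the posted field belongs to the cookie the
    // browser sent. It has no notion of which page or tab rendered the form.
    public static bool Validate(string cookie, string field)
    {
        if (string.IsNullOrEmpty(cookie) || string.IsNullOrEmpty(field)) return false;
        return CryptographicOperations.FixedTimeEquals(
            Encoding.UTF8.GetBytes(Derive(cookie)), Encoding.UTF8.GetBytes(field));
    }
}

static class Program
{
    static void Main()
    {
        var sessionA = AntiForgeryModel.Issue(); // the browser used in the question
        var sessionB = AntiForgeryModel.Issue(); // a different browser or session

        // Field copied into a dummy page, second tab of the same browser: same cookie.
        Console.WriteLine(AntiForgeryModel.Validate(sessionA.Cookie, sessionA.Field));
        // Same copied field, but the request carries another session's cookie.
        Console.WriteLine(AntiForgeryModel.Validate(sessionB.Cookie, sessionA.Field));
        // Same copied field, no anti-forgery cookie on the request.
        Console.WriteLine(AntiForgeryModel.Validate("", sessionA.Field));
    }
}
```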

OTHER TIPS

Do you mind posting the code in which you put the validation? Maybe something like:

[ValidateAntiForgeryToken(Salt="someArbitraryString")]
public ViewResult SubmitUpdate()
{
    // ... etc
}

Thanks!

Licensed under: CC-BY-SA with attribution