Question

Opened my application in IE.

Created a dummy HTML file and copied the generated hidden field '__RequestVerificationToken' to the dummy page. On form submit of this HTML file I am calling my service. When I opened this dummy page in another tab in IE and submitted it, I saw that I was successfully able to submit the data.

ValidateAntiForgeryToken failed in this case.

Can anyone guide me on how this kind of issue can be resolved?


Solution 2

I got the answer to my question.

ValidateAntiForgeryToken compares the cookie value with the __RequestVerificationToken hidden field value. So when an HTML page that has the __RequestVerificationToken hidden field value (copied from the application) is opened in a new tab, on submit of this page it passes ValidateAntiForgeryToken validation because the cookie value is the same for both tabs.
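
A simplified model of the check described in the answer above, added here as an illustration and not code from the original posts or from ASP.NET MVC: the HMAC pairing, `SERVER_KEY` and the function names are assumptions. It shows why a copied hidden field is accepted when the request carries the same cookie, and rejected when the cookie differs or the field is missing or wrong.

```python
import hashlib
import hmac
import secrets

FIELD = "__RequestVerificationToken"   # hidden field name from the question
SERVER_KEY = secrets.token_bytes(32)   # assumed stand-in for the server secret


def _bind(cookie_token):
    # Derive the hidden-field value that belongs to this cookie value.
    return hmac.new(SERVER_KEY, cookie_token.encode(), hashlib.sha256).hexdigest()


def issue_tokens():
    """Model a GET of the form: returns (cookie value, hidden field value)."""
    cookie_token = secrets.token_hex(16)
    return cookie_token, _bind(cookie_token)


def validate(cookies, form):
    """Model the check on POST: the field must pair with the request's cookie."""
    cookie_token = cookies.get(FIELD)
    form_token = form.get(FIELD)
    if not cookie_token or not form_token:
        return False
    return hmac.compare_digest(form_token, _bind(cookie_token))


def run_scenarios():
    cookie_a, field_a = issue_tokens()   # browser session that loaded the form
    cookie_b, _ = issue_tokens()         # a different browser session
    jar_a, jar_b = {FIELD: cookie_a}, {FIELD: cookie_b}
    copied = {FIELD: field_a, "data": "constructed sample"}
    return {
        # The test from the question: copied field, same browser, same cookie.
        "same_session_copied_field": validate(jar_a, copied),
        # Same copied field, but the request carries another session's cookie.
        "other_session_copied_field": validate(jar_b, copied),
        # Request with the right cookie but no hidden field.
        "same_session_missing_field": validate(jar_a, {"data": "constructed sample"}),
        # Request with the right cookie and a made-up field value.
        "same_session_wrong_field": validate(jar_a, {FIELD: "0" * 64}),
    }


if __name__ == "__main__":
    for name, accepted in run_scenarios().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```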

Other tips

Do you mind posting the code in which you put the validation? Maybe something like:

[ValidateAntiForgeryToken(Salt="someArbitraryString")]
public ViewResult SubmitUpdate()
{
    // ... etc
}

Thanks!

License: CC-BY-SA with attribution
Not affiliated with StackOverflow