1

I get this error - even though the AntiForgeryToken IS definitely in my view, inside a form tag:

The required anti-forgery cookie "__RequestVerificationToken_L0NpdTpLaW5nMTZNVkM10" is not present.

Controller 

/// <summary>
/// Delete 
/// </summary>
public ActionResult Delete(int Id)
{
    // Get place from Id
    var poll = PollRepo.Select(Id);

    if (poll == null)
        return HttpNotFound();

    return View(poll);
}

/// <summary>
/// Confirm Delete
/// </summary>
[HttpPost, ActionName("Delete")]
[ValidateAntiForgeryToken]
public ActionResult DeleteConfirmed(int Id)
{
    // Delete poll by Id from db
    PollRepo.Delete(Id);

    // Redirect to index
    TempData["message"] = "Poll Deleted";
    return RedirectToAction("Index");
}

View

    <dd>
        @Html.DisplayFor(model => model.Abc)
    </dd>

</dl>

@using (Html.BeginForm())
{
    @Html.AntiForgeryToken()

    <div class="form-actions">
        <input type="submit" value="Delete" class="btn btn-default" /> |
        @Html.ActionLink("Back to List", "Index")
    </div>
}

In generated HTML page

<form action="/MyApp/MyCont/MyAct/Delete/7" method="post"><input name="__RequestVerificationToken" type="hidden" value="JYMlRqNTUF6eoagnN6k7GrC1mJLKs1HDU4RCY_5_MEh2sIoJtumYEiM4LQF2BcKrf881xm-zdRU-KwBt381L9vBhuEJRLnMJY8aEgjVvdd41" />

When I press the delete button the error is returned.

Improve this question
4
  • The message is referring to the anti-forgery cookie so it's due to the cookie not being present Commented Oct 15, 2016 at 3:07
  • One possible cause is having <httpCookies requireSSL="true" /> in the web.config.cs file, but the project is not set to use SSL. Commented Oct 15, 2016 at 3:12
  • @StephenMuecke It was requireSSL thanks! The server requires SSL - and this flag was mistakenly set on the dev machine too.If you convert this to an answer I'll accept it thx. Commented Oct 15, 2016 at 16:38
  • I found very little on SO about this error, but I think there are other things that can cause it, and I update the answer later if I find anything. Otherwise I'll mark it as a community wiki so others can edit it with other possible causes. Commented Oct 16, 2016 at 4:09

1 Answer 1

Reset to default
3

The error message you see relates to the anti-forgery cookie, not the token (the code you have shown will submit the token correctly in the request).

Other than attacks from a malicious user or something on the client causing the cookie to be deleted, one cause of this error is that your web.config.cs file includes

<httpCookies requireSSL="true" />

but you project is not set to use SSL.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.