Orchard Anti-Forgery Exception

Topics: Writing modules
Sep 13, 2011 at 1:01 PM
Edited Sep 13, 2011 at 5:36 PM

Why would this code cause an anti-forgery error when the user is logged in? An exception is thrown whether the token is commented out or not.

    -------------------- View --------------------------------------------

    <form method="post" id="ChatForm" action="/WebAcre.Chat/Home/Index">
        <fieldset>
            <legend>Type Message</legend>
            <table style="width:100%;">
                <tr>
                    <td><input id="MessageId" name="MessageName" style="width:90%;" type="text" /></td>
                    <td><input type="submit" value="Send" /></td>
                </tr>
            </table>
        </fieldset>
    </form>

    -------------------- Controller ---------------------------------------

    public ViewResult Index(FormCollection form) {
        myChat.Add( ... );
        return View();
    }

    ------- Exception thrown at AntiForgeryAuthorizationFilter.cs ------------

    namespace Orchard.Mvc.AntiForgery {
        public class AntiForgeryAuthorizationFilter : FilterProvider, IAuthorizationFilter {
            // ...
            public void OnAuthorization(AuthorizationContext filterContext) {
                // ...
                var siteSalt = _siteService.GetSiteSettings().SiteSalt;
                var validator = new ValidateAntiForgeryTokenAttribute { Salt = siteSalt };
                validator.OnAuthorization(filterContext); // -Ex-> exception is thrown here
            }
        }
    }

    -Throws -> A required anti-forgery token was not supplied or was invalid.

Sep 13, 2011 at 6:33 PM

If I comment out the line //validator.OnAuthorization(filterContext); things work as they are supposed to. Is this a bug or am I missing something?


Sep 13, 2011 at 6:37 PM

Create the form with

    @using (Html.BeginFormAntiForgeryPost()) {

Sep 14, 2011 at 1:20 PM
bertrandleroy wrote:

Create the form with

    @using (Html.BeginFormAntiForgeryPost()) {


Jan 29, 2012 at 11:35 AM
Edited Jan 29, 2012 at 11:36 AM

If you need to route your form to somewhere else (another controller for example), use Url.Action for the first argument i.e.:


        using (Html.BeginFormAntiForgeryPost(Url.Action("Index", "CONTROLLER", new {Area = "NAMESPACE"}), FormMethod.Post, new {id = "someForm"}))
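
The form from the original question, rebuilt with the helper suggested in the replies, as an added example that is not part of the original thread or of Orchard's own code. The controller name "Home" and area "WebAcre.Chat" are assumptions read off the question's action URL.

```cshtml
@* Added example: the question's chat form posted through Orchard's anti-forgery helper. *@
@* Assumption: "Home" / "WebAcre.Chat" are taken from the action URL /WebAcre.Chat/Home/Index. *@
@using (Html.BeginFormAntiForgeryPost(
            Url.Action("Index", "Home", new { Area = "WebAcre.Chat" }),
            FormMethod.Post,
            new { id = "ChatForm" })) {
    <fieldset>
        <legend>Type Message</legend>
        <input id="MessageId" name="MessageName" style="width:90%;" type="text" />
        <input type="submit" value="Send" />
    </fieldset>
}
@* The helper writes the hidden anti-forgery token field into the form, so the POST
   passes AntiForgeryAuthorizationFilter and validator.OnAuthorization(filterContext)
   can stay in place instead of being commented out. *@
```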