How to disable antiforgerycheck for single Controller action?

Topics: Customizing Orchard, General, Writing modules
Feb 16, 2012 at 4:05 AM

I know I can turn it off entirely via the Module.txt, but I just want to disable it for a specific controller action.

I have an action link that does a "GET" submit to a controller, and I get an ugly anti-forgery token in my URL after it is used. 

Coordinator
Feb 16, 2012 at 4:49 AM

I think you can use a ValidateAntiForgeryToken attribute on that action to opt out. Also make the form not use anti-forgery.

Jun 14, 2012 at 4:57 PM

I can't seem to see how to do this, ValidateAntiForgeryToken doesn't seem to let you opt out, I understood this was they way to opt in??

I basically need to allow a post response from a payment gateway to call an action, but I need to the ValidateAntiForgeryToken functionality turned off for just this action.

TheMonarch, did you manage to get this working?

Coordinator
Jun 24, 2012 at 4:26 AM

I'm afraid you'll have to disable it for the whole module (from the manifest) and then re-enable it through the attribute on those actions that need it.

Oct 14, 2013 at 2:43 PM
How can i disable the AntiForgery for my customer module?

i have tried to set

AntiForgery: disabled

in the Module.txt, but this doesnt work.

Thank you
Coordinator
Oct 26, 2013 at 8:23 AM
Why do you want to disable it?