HttpAntiForgeryException

Topics: Writing modules
Feb 2, 2015 at 2:16 PM
Hi All,

We are stuck with the “The required anti-forgery form field "__RequestVerificationToken" is not present.” error message when doing an ajax postback to a controller in our Orchard module. We’ve tried all solutions we could find on the internet, but nothing seems to do the trick. We get the token (antiForgeryToken variable) using the @Html.AntiForgeryTokenValueOrchard() method.
So far, we’ve tried passing the token in the request headers and also in the data array. We’ve also decorated our action with the [ValidateAntiForgeryTokenOrchard] attribute to make sure Orchard would check for the parameter, but we’re still getting the same exception. We are using an Angular factory, and our controller also has an [HttpPost] attribute. You can see our code below. Could you please give us a hand in solving this issue?

// Attempt 1: token sent as a request header
$http({
        method: 'POST',
        url:  '/Controller/Action',
        headers: { "__RequestVerificationToken": antiForgeryToken },
        data: {
            Model: customModel
        }
    })
and

// Attempt 2: token sent as a property of the request data
$http({
        method: 'POST',
        url:  '/Controller/Action',
        data: {
            Model: customModel,
            __RequestVerificationToken: antiForgeryToken
        }
    })
Feb 2, 2015 at 5:47 PM
Maybe disable it as said here.
http://weblogs.asp.net/bleroy/opting-out-of-anti-forgery-validation-in-orchard
This will be in the next version, 1.9, of Orchard.
Feb 3, 2015 at 4:26 PM
Thanks for that, giannik :) The workaround did the trick for the moment, but we will need to enable the anti-forgery token for ajax eventually.
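
One way to keep the anti-forgery check enabled for the Angular call above, added here as an example that is not part of the thread and not Orchard's own code. It assumes, as the error message indicates, that the server looks for "__RequestVerificationToken" as a form field, and that the action parameter is named Model as in the original post; the helper names flatten, encodeForm and buildAntiForgeryPost are hypothetical.

```javascript
// Added example: flatten a model into the dotted/indexed field names that the
// ASP.NET MVC default model binder understands (Model.Name, Model.Items[0].Id).
function flatten(value, prefix, out) {
  if (value === null || value === undefined) return out;
  if (Array.isArray(value)) {
    value.forEach(function (item, i) { flatten(item, prefix + '[' + i + ']', out); });
  } else if (typeof value === 'object') {
    Object.keys(value).forEach(function (key) {
      flatten(value[key], prefix ? prefix + '.' + key : key, out);
    });
  } else {
    out.push([prefix, String(value)]);
  }
  return out;
}

// Percent-encode every name and value. The token is base64-like, so an
// unencoded '+' would arrive as a space and fail validation.
function encodeForm(pairs) {
  return pairs.map(function (p) {
    return encodeURIComponent(p[0]) + '=' + encodeURIComponent(p[1]);
  }).join('&');
}

// Builds the config object passed to Angular's $http(...). A string body is
// sent as-is, so the request carries real form fields instead of JSON.
function buildAntiForgeryPost(url, antiForgeryToken, model) {
  if (!antiForgeryToken) throw new Error('anti-forgery token is missing');
  var pairs = flatten({ Model: model }, '', []);
  pairs.push(['__RequestVerificationToken', antiForgeryToken]);
  return {
    method: 'POST',
    url: url,
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    data: encodeForm(pairs)
  };
}

// Constructed sample values, for illustration only.
var sampleConfig = buildAntiForgeryPost('/Controller/Action', 'SAMPLE+TOKEN/==', {
  Name: 'A & B', Items: [{ Id: 1 }, { Id: 2 }]
});
// In the Angular factory: $http(sampleConfig)
```

Both attempts in the original post send a JSON body (Angular's default for object data), so no form field named "__RequestVerificationToken" exists on the server side.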