Skip to main content

Processing AntiForgeryToken send with Ajax

You might have seen below error while doing ajax post to MVC action that validates AntiForgeryToken.
ASP.net MVC ValidateAntiForgeryToken does not handle passing RVToken in ajax requests by default.
ex: Below token sent in header won't be accepted at Controller level in MVC:

 
__RequestVerificationToken = $('[name=__RequestVerificationToken]').val()


I found a  better solution that works perfectly fine for all POST requests. Just implement the custom MVC Authorize attribute as shown below code: 
[AttributeUsage(AttributeTargets.Class, AttributeTargets.Method)]
public class MyValidateAntiForgeryToken : AuthorizeAttribute
{
    public override void OnAuthorization( AuthorizationContext filterContext )
    {
        var request = filterContext.HttpContext.Request;
  
        if (request.HttpMethod == WebRequestMethods.Http.Post)
        { 
            if (request.IsAjaxRequest())
            {
                var antiForgeryCookie = request.Cookies[AntiForgeryConfig.CookieName];
 
                var cookieValue = antiForgeryCookie != null
                    ? antiForgeryCookie.Value 
                    : null;
 
                AntiForgery.Validate(cookieValue, request.Headers["__RequestVerificationToken"]);
            }
            else
            {
                new ValidateAntiForgeryTokenAttribute()
                    .OnAuthorization(filterContext);
            }
        }
    }
}
You can add this attribute on either a post action method or on the controller class. 

 Put the below code in your _Layout.cshtml. This will handle the responsibility of sending AntiForgeryToken on all ajax post requests.
$(document).ready(function () { 
             
            $.ajaxSetup({
                'beforeSend': function (xhr) {
                    securityToken = $('[name=__RequestVerificationToken]').val();
                    xhr.setRequestHeader("__RequestVerificationToken", securityToken);
                }});

        });

 

 Happy Coding!!!

Popular posts from this blog

Remote debugging Windows azure cloud service - Worker Role

Remote debugging Windows azure cloud service - Worker Role Very recently I was working on design and development of a worker role component of cloud service. Locally debugging worker role is pretty easy. You just need to know that you need to set Cloud project as a start-up project and ready to go. Problem is when you deploy worker role to azure and trying to troubleshoot an unknown issue.  Thankfully we have remote debugging enable for cloud services – both web and worker roles. This is really handy tool to remotely debug without having to putting a lot of tracing and digging into it. However, remote debugging in worker role/web role requires few steps to be followed: Make sure you are debugging from same machine where you published Make sure to turn on Remote debugger on while you publish (This should be turned off for Production publish profiles) Make sure to Select Debug mode With all the above settings after you publish, you should be able to Atta...
Read more

Debugging code running on Remote machine

Before performing below steps, you need to make sure you have pdb files matching dll version on the remote machine.  Open below folder in your remote machine C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\Common7\IDE\Remote Debugger\x64  Open that folder and launch as admin  msvsmon.exe  Select all options to allow firewall From Tools > Options  - Keep the settings to default (as shown below) and click ok.  At this point your remote debugger is all set. You need to connect from Visual Studio by entering Machine IP: Port (4022) 
Read more

Differences between Object Serialization and Deserialization?

Serialization = putting the relevant state of the object into a streamable representation. That can mean converting it to a byte stream. This does not necessarily include copying every member variable into the stream. Deserialization = restoring an object from a serial representation and ensuring the invariants of the object. Deserialization can be thought of a separate constructor for the object.
Read more