I have created a login form and some other controllers in mvc4. I put [ValidateAntiForgeryToken] on controllers and @Html.AntiForgeryToken() in each view. but after login when the page is redirected to another page it gives an error
The required anti-forgery form field "__RequestVerificationToken" is not present."
my sample controller is
[HttpPost, ActionName("UserLogin")]
[ValidateAntiForgeryToken]
[AllowAnonymous]
public ActionResult UserLogin(FormCollection collection)
{
string username = collection["txtUser"].ToString();
string password = collection["pwd"].ToString();
string Browser = HttpContext.Request.Browser.Browser;
if (db.Users.Any(u => u.Email == username && u.Password == password))
{
User usr = db.Users.Single(u => u.Email == username && u.Password == password);
return RedirectToAction("Details","User",usr.Id);
}
return HttpNotFound();
}
and view is
@using(Html.BeginForm("UserLogin","User")){
@Html.AntiForgeryToken()
@Html.ValidationSummary(true)
/// .......form elements....//
}
@using(Html.BeginForm("UserLogin","User", FormMethod.Post))
to make sure it redirects to post action of your controller – Cybercop