I get this error in my login form:
The required anti-forgery form field "__RequestVerificationToken" is not present
I am using the default project of ASP.NET MVC generated with visual studio 2015 template.
Login.cshtml:
@using (Html.BeginForm("Login", "Account", new { ReturnUrl = ViewBag.ReturnUrl }, FormMethod.Post, new { @class = "form-horizontal", role = "form" }))
{
@Html.AntiForgeryToken()
...
}
AccountController:
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
{
...
}
Machine Key definition in web.config:
<machineKey validationKey="6237432C07086CE1A8FAAD3CC71A3AC1DE0B22DE9061D7CAF798E5B18E6E888D7A3F88004D0A928952CB81598ED565B26F8175E30294B1F5A1F3220229163F1C"
decryptionKey="E61A22E8DEE09CB4640B2863705CE6BC95E64C8797CAB8CAE7463BE7F9AB1B94"
validation="SHA1"
decryption="AES" />
Generated HTML page:
<form action="/Account/Login" class="form-horizontal" method="post" role="form">
<input name="__RequestVerificationToken" type="hidden" value="Ei4E03S5nvvdR9N2KJg8aGDQK9fI3xbBJLJzT3z3c7QAyyxbGf11ncmTAiD-8itHoKWYuNNghOsmyTS2hBDlmkv7Ttk1" />
I have a cookie in my browser with name __RequestVerificationToken
and value qM5XwYIQiiHk2lumHWcXHOPPji2VptN95X0FDLneyXSN3_sGrF6fe7zt8KHC5MjopQoBh9sJl5vEJLGOAzy1h-8R-nk1
that expires on session end: When the browsing session ends
.
This errors is not happening on local with IIS Express
, but after I deployed project to a server, this error occurred.
Clearing cookie and restarting browser did not solve the issue.
Any idea?
EDIT:
I removed anti-forgery token from both controller and view and found something strange: form submits data without any problem but somewhere between submitting and validation, all fields become null or empty. __RequestVerificationToken
became null before validation and this causes the problem. Now I am investigating on this new problem :(