Troubleshooting anti-forgery token problems

by

I don’t know if you mean you are able to get the error on demand – or you’re seeing it in your logs but in any case here’s a way to guarantee an antiforgery token error.

Wait for it…

  • Make sure you’re logged out, then enter your login
  • Double click on the login button
  • You’ll get :

The provided anti-forgery token was meant for user “”, but the current user is “[email protected]”.

(For now I’m going to assume that this exact error message changed in MVC4 and that this is essentially the same message you’re getting).

There’s a lot of people out there that still double click on everything – this is bad! I just figured this out after just waking up so how this got through testing I really don’t know. You don’t even have to double click – I’ve got this error myself when I click a second time if the button is unresponsive.

I just removed the validation attribute. My site is always SSL and I’m not overly concerned about the risk. I just need it to work right now. Another solution would be disabling the button with javascript.

This can be duplicated on the MVC4 initial install template.

More Related Contents:

  1. How do I specify different Layouts in the ASP.NET MVC 3 razor ViewStart file?
  2. How can I supply an AntiForgeryToken when posting JSON data using $.ajax?
  3. ASP.NET MVC 3 – Partial vs Display Template vs Editor Template
  4. In MVC3 Razor, how do I get the html of a rendered view inside an action?
  5. How do you share scripts among multiple projects in one solution?
  6. Dependency Injection with Ninject and Filter attribute for asp.net mvc
  7. MVC 3 Model Binding a Sub Type (Abstract Class or Interface)
  8. Web API and ValidateAntiForgeryToken
  9. HTML.ActionLink vs Url.Action in ASP.NET Razor
  10. Using System.ComponentModel.DataAnnotations with Entity Framework 4.0
  11. Differences between Html.TextboxFor and Html.EditorFor in MVC and Razor
  12. How to change ‘data-val-number’ message validation in MVC while it is generated by @Html helper
  13. ASP.NET MVC3 and Windows Auth on IIS keeps redirecting to /Account/Login
  14. Do I need to install MVC 3/4 on web server to run mvc application
  15. How to create controls dynamically in MVC 3 based on an XML file
  16. asp.net mvc keep object alive, information
  17. Set disable attribute based on a condition for Html.TextBoxFor
  18. Custom Authorize Attribute
  19. ASP.net MVC – Display Template for a collection
  20. How can I use Html.Action?
  21. Castle Windsor Dependency Resolver for MVC 3
  22. How to reuse Areas, Controllers, Views, Models, Routes in multiple apps or websites
  23. The type or namespace name ‘DbContext’ could not be found [closed]
  24. How do I enable gzip compression when using MVC3 on IIS7?
  25. Disable client-side validation in MVC 3 “cancel” submit button
  26. MVC 4 how to validate a non-US date with client validation?
  27. Razor Nested WebGrid
  28. Steve Sanderson’s BeginCollectionItem helper won’t bind correctly
  29. MVC3 Validation – Require One From Group
  30. Having issue with multiple controllers of the same name in my project

Leave a Comment