include antiforgerytoken in ajax post ASP NET MVC

Question

I am having trouble with the AntiForgeryToken with ajax  I m using ASP NET MVC 3  I tried the solution in jQuery Ajax calls and the Html AntiForgeryToken    Using that solution  the token is now being passed   var data              with token  key is    RequestVerificationToken     ajax           type   POST           data  data          datatype   json           traditional  true          contentType   application json  charset utf-8           url  myURL          success  function  response                                       error  function  response                                        When I remove the  ValidateAntiForgeryToken  attribute just to see if the data  with the token  is being passed as parameters to the controller  I can see that they are being passed  But for some reason  the A required anti-forgery token was not supplied or was invalid  message still pops up when I put the attribute back   Any ideas   EDIT  The antiforgerytoken is being generated inside a form  but I m not using a submit action to submit it  Instead  I m just getting the token s value using jquery and then trying to ajax post that   Here is the form that contains the token  and is located at the top master page    lt form id    AjaxAntiForgeryForm  action     method  post  gt       Html AntiForgeryToken    lt  form gt

User · Answer

function DeletePersonel id                     var data   new FormData                    data append    RequestVerificationToken     HtmlHelper GetAntiForgeryToken                         ajax                       type   POST                       url    Personel Delete     id                      data  data                      cache  false                      processData  false                      contentType  false                      success  function  result                                                                        public static class HtmlHelper                       public static string GetAntiForgeryToken                                 System Text RegularExpressions Match value   System Text RegularExpressions Regex Match System Web Helpers AntiForgery GetHtml   ToString        value                                  if  value Success                                        return value Groups 1  Value                                    return

User · Answer

The token won t work if it was supplied by a different controller   E g  it won t work if the view was returned by the Accounts controller  but you POST to the Clients controller

User · Answer

it is so simple  when you use  Html AntiForgeryToken   in your html code it means that server has signed this page and each request that is sent to server from this particular page has a sign that is prevented to send a fake request by hackers  so for this page to be authenticated by the server you should go through two steps   1 send a parameter named   RequestVerificationToken and to gets its value use codes below    lt script type  text javascript  gt      function gettoken             var token     Html AntiForgeryToken             token     token  val            return token        lt  script gt    for example take an ajax call    ajax       type   POST       url    Account Login       data              RequestVerificationToken  gettoken            uname  uname          pass  pass            dataType   json       contentType   application x-www-form-urlencoded  charset utf-8       success  successFu        and step 2 just decorate your action method by  ValidateAntiForgeryToken

User · Answer

Another  less javascriptish  approach  that I did  goes something like this   First  an Html helper  public static MvcHtmlString AntiForgeryTokenForAjaxPost this HtmlHelper helper        var antiForgeryInputTag   helper AntiForgeryToken   ToString           Above gets the following   lt input name    RequestVerificationToken  type  hidden  value  PnQE7R0MIBBAzC7SqtVvwrJpGbRvPgzWHo5dSyoSaZoabRjf9pCyzjujYBU qKDJmwIOiPRDwBV1TNVdXFVgzAvN9 l2yt9-nf4Owif0qIDz7WRAmydVPIm6 pmJAI--wvvFQO7g0VvoFArFtAR2v6Ch1wmXCZ89v0-lNOGZLZc1    gt      var removedStart   antiForgeryInputTag Replace    lt input name     RequestVerificationToken   type   hidden   value               var tokenValue   removedStart Replace        gt             if  antiForgeryInputTag    removedStart    removedStart    tokenValue          throw new InvalidOperationException  Oops  The Html AntiForgeryToken   method seems to return something I did not expect         return new MvcHtmlString string Format    0     1         RequestVerificationToken   tokenValue        that will return a string    RequestVerificationToken  P5g2D8vRyE3aBn7qQKfVVVAsQc853s-naENvpUAPZLipuw0pa ffBf9cINzFgIRPwsf7Ykjt46ttJy5ox5r3mzpqvmgNYdnKc1125jphQV0NnM5nGFtcXXqoY3RpusTH WcHPzH4S4l1PmB8Uu7ubZBftqFdxCLC5n-xT0fHcAY1    so we can use it like this    function              submit-list   click function                ajax               url    Url Action  SortDataSourceLibraries                 data    items      sortable   sortable  toArray     Html AntiForgeryTokenForAjaxPost                  type   post               traditional  true                           And it seems to work

User · Answer

In Account controller          POST   Account SendVerificationCodeSMS      HttpPost       AllowAnonymous       ValidateAntiForgeryToken      public JsonResult SendVerificationCodeSMS string PhoneNumber                return Json PhoneNumber           In View     ajax        url    Account SendVerificationCodeSMS       method   POST       contentType   application x-www-form-urlencoded  charset utf-8       dataType   json       data            PhoneNumber      name  PhoneNumber     val              RequestVerificationToken      name    RequestVerificationToken     val              success  function  data  textStatus  jqXHR            if  textStatus     success                 alert data                  Do something on page                   else                  Do something on page                      error  function  jqXHR  textStatus  errorThrown            console log textStatus           console log jqXHR status           console log jqXHR statusText           console log jqXHR responseText               It is important to set contentType to  application x-www-form-urlencoded  charset utf-8  or just omit contentTypefrom the object

User · Answer

In Asp Net MVC when you use  Html AntiForgeryToken   Razor creates a hidden input field with name   RequestVerificationToken to store tokens  If you want to write an AJAX implementation you have to fetch this token yourself and pass it as a parameter to the server so it can be validated   Step 1  Get the token  var token      input name     RequestVerificationToken      val      Step 2  Pass the token in the AJAX call  function registerStudent      var student               FirstName       fName   val         LastName       lName   val         Email       email   val         Phone       phone   val          ajax       url    Student RegisterStudent       type   POST       data            RequestVerificationToken token       student  student                 dataType   JSON       contentType  application x-www-form-urlencoded  charset utf-8       success  function  response            if  response result     Success                 alert  Student Registered Succesfully                          error  function  x h r            alert  Something went wrong                   Note  The content type should be  application x-www-form-urlencoded  charset utf-8   I have uploaded the project on Github  you can download and try it   https   github com lambda2016 AjaxValidateAntiForgeryToken

User · Answer

Feel free to use the function below   function AjaxPostWithAntiForgeryToken destinationUrl  successCallback    var token      input name    RequestVerificationToken     val    var headers       headers    RequestVerificationToken     token    ajax       type   POST       url  destinationUrl      data      RequestVerificationToken  token       Your other data will go here     dataType   json       success  function  response            successCallback response              error  function  xhr  status  error              handle failure

User · Answer

I tried a lot of workarrounds and non of them worked for me  The exception was  The required anti-forgery form field    RequestVerificationToken      What helped me out was to switch form  ajax to  post      post      url        formId  serialize        function  data              formId  html data

User · Answer

In Asp Net Core you can request the token directly  as documented    inject Microsoft AspNetCore Antiforgery IAntiforgery Xsrf      functions      public string GetAntiXsrfRequestToken                 return Xsrf GetAndStoreTokens Context  RequestToken            And use it in javascript   function DoSomething id          post   something todo   id                      RequestVerificationToken     GetAntiXsrfRequestToken            You can add the recommended global filter  as documented   services AddMvc options   gt        options Filters Add new AutoValidateAntiforgeryTokenAttribute            Update  The above solution works in scripts that are part of the  cshtml  If this is not the case then you can t use this directly  My solution was to use a hidden field to store the value first   My workaround  still using GetAntiXsrfRequestToken   When there is no form    lt input type  hidden  id  RequestVerificationToken  value   GetAntiXsrfRequestToken    gt    The name attribute can be omitted since I use the id attribute   Each form includes this token  So instead of adding yet another copy of the same token in a hidden field  you can also search for an existing field by name  Please note  there can be multiple forms inside a document  so name is in that case not unique  Unlike an id attribute that should be unique   In the script  find by id   function DoSomething id          post   something todo   id              RequestVerificationToken       RequestVerificationToken   val             An alternative  without having to reference the token  is to submit the form with script   Sample form    lt form id  my form  action   something todo create  method  post  gt   lt  form gt    The token is automatically added to the form as a hidden field    lt form id  my form  action   something todo create  method  post  gt   lt input name    RequestVerificationToken  type  hidden  value  Cf       gt  lt  form gt    And submit in the script   function DoSomething             my form   submit        Or using a post method   function DoSomething         var form       my form           post   something todo create   form serialize

User · Answer

You have incorrectly specified the contentType to application json    Here s an example of how this might work   Controller   public class HomeController   Controller       public ActionResult Index                 return View                HttpPost       ValidateAntiForgeryToken      public ActionResult Index string someValue                return Json new   someValue   someValue               View    using  Html BeginForm null  null  FormMethod Post  new   id      AjaxAntiForgeryForm             Html AntiForgeryToken       lt div id  myDiv  data-url   Url Action  Index    Home    gt      Click me to send an AJAX request to a controller action     decorated with the  ValidateAntiForgeryToken  attribute  lt  div gt    lt script type  text javascript  gt          myDiv   submit function              var form         AjaxAntiForgeryForm            var token      input name    RequestVerificationToken     form  val              ajax               url    this  data  url                type   POST               data                       RequestVerificationToken  token                   someValue   some value                              success  function  result                    alert result someValue                                     return false           lt  script gt

User · Answer

I know this is an old question  But I will add my answer anyway  might help someone like me    If you dont want to process the result from the controller s post action  like calling the LoggOff method of Accounts controller  you could do as the following version of  DarinDimitrov  s answer    using  Html BeginForm  LoggOff    Accounts   FormMethod Post  new   id      AjaxAntiForgeryForm             Html AntiForgeryToken       lt  -- this could be a button -- gt   lt a href     id  ajaxSubmit  gt Submit lt  a gt    lt script type  text javascript  gt          ajaxSubmit   click function                     AjaxAntiForgeryForm   submit             return false           lt  script gt

[asp.net] include antiforgerytoken in ajax post ASP.NET MVC

Examples related to asp.net

Examples related to ajax

Examples related to asp.net-mvc

Examples related to asp.net-mvc-3

Examples related to csrf