My question is more dependent on what the correct approach is when considering partial representations. Is there a token for each partial view or the container as a whole?
Our form currently contains divs for 5 partial views. The user answers a list of certification questions, and based on the answers, 1 or more sections / partial views are displayed. Each partial view is accepted / rejected (button selection) and the whole form is sent (button). Currently, each partial view has its own AntiForgeryToken and the corresponding token check in the controller (in the way you specified).
With this approach, we periodically see a System.Web.Mvc.HttpAntiForgeryException
If I have a form / view that will display 1 or more partial views based on user responses. Where do I need to place the AntiForgeryToken? In the parent view? In partial views? Both?
My theory is that when presenting several partial representations, a token mismatch occurs and an error is reported. My thinking is to transfer the token to the main / parent view.
Am I on the right track? Did anyone have to deal with something like that?
source
share