We received "The required anti-counterfeit token was not delivered or was invalid." errors and in the course of some further research, I was able to recreate the problem in its simplest form - I either do something completely wrong, or this is a limitation of the anti-fake token system.
Anyway, I would appreciate some advice!
Empty MVC 2 project: one view page, one controller
View:
<%--Sign in form:--%> <% using(Html.BeginForm("SignIn", "Home", FormMethod.Post)) {%> <%= Html.AntiForgeryToken()%> <input type="submit" value="Sign in" /> <%}%>
Controller:
public ActionResult Index() { ViewData["status"] = "Index"; return View(); } [ValidateAntiForgeryToken] public ActionResult SignIn() { ViewData["status"] = "Signed In!"; FormsAuthentication.SetAuthCookie("username", false); return View("Index"); }
[EDIT: simplified code example]
To recreate the exception, open two tabs without logging in - log in on the first tab and log in to the second tab.
The second tab will always throw a fake exception when I assume that the correct behavior would be to redirect to the page with the subscription (session sharing / authentication of the input login tab)
Any advice would be appreciated!
Cheers, dave
source share