The anti-forgery cookie token and form field token do not match in MVC 4
I'm using the default login module in ASP.NET MVC 4. I did not change any code in the default application and i hosted it on a shared server.
After i logged in using default login page. i kept the browser idle for some time. Then obviously application redirected to the login page when i try to perform any controller action with [Authorize] attribute.
Then i try to login again and it gives an error when i click on login button.
The anti-forgery cookie token and form field token do not match.
LogIn action
// POST: /Account/Login
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public ActionResult Login(LoginModel model, string returnUrl)
{
if (ModelState.IsValid && WebSecurity.Login(model.UserName, model.Password, persistCookie: model.RememberMe))
{
return RedirectToLocal(returnUrl);
}
// If we got this far, something failed, redisplay form
ModelState.AddModelError("", "The user name or password provided is incorrect.");
return View(model);
}
I resolved the issue by explicitly adding a machine key in web.config.
Note: For security reason don't use this key. Generate one from https://support.microsoft.com/en-us/kb/2915218#AppendixA. Dont use online-one, details, http://blogs.msdn.com/b/webdev/archive/2014/05/07/asp-net-4-5-2-and-enableviewstatemac.aspx
<machineKey validationKey="971E32D270A381E2B5954ECB4762CE401D0DF1608CAC303D527FA3DB5D70FA77667B8CF3153CE1F17C3FAF7839733A77E44000B3D8229E6E58D0C954AC2E796B" decryptionKey="1D5375942DA2B2C949798F272D3026421DDBD231757CA12C794E68E9F8CECA71" validation="SHA1" decryption="AES" />
Here's a site that generates unique Machine Keys:
- How to hide columns in HTML table?
- How to do 301 redirects in asp.net from old Apache mod_rewrite style urls when moving a site from php to asp.net?
- Best practices when using oracle DB and .NET
- jQuery UI " $("#datepicker").datepicker is not a function"
- Why are my .NET application variables disappearing on my web server?
- How do I get the currently loggedin Windows account from an ASP.NET page?
- How to get the username without domain information
- Remove the domain name from User.Identity.Name
- HttpUtility.HtmlEncode escaping too much?
- Querying an Active Directory object property from ASP.NET application returns old results
- Can I disable selection of past dates in an <asp:textbox textmode="data">?
- Binary was not built with debug information
- Why does my ASP.NET textbox with textmode="date" show default values?
- Creating a proxy to another web api with Asp.net core
- Data is Null. This method or property cannot be called on Null values
- Do I need to close and dispose the SQLConnection explicitly?
- VS2022 vanilla React + ASP.NET Core using docker over HTTPS gives error
- Why do nested locks not cause a deadlock?
- Accessing the query string value using ASP.NET
- .Net Forms Authentication Issue - 401, even though cookie set
- Are there any performance issues or caveats with resource (.resx) files?
- call Javascript from code behind in asp.net web form
- Multipart form post only works if you look at it first
- EF Core doesn't detect changes when adding new entity to list (one to many)
- gcAllowVeryLargeObjects is not effective for using more than 2GB in an array in C# Asp.NET
- "The name 'HTML' does not exist in the current context" in MVC 3 Views
- SystemWeb Adapters Authentication failing due to multiple redirects with "query string is too long"
- I want to retrieve an Image from database and crop it as per the user needs
- Is OWIN fully supported by all the .NET Frameworks?
- Error: XML transformation error in Azure Pipelines