How to pass the anti forgery token to an ASP.NET MVC action method?



wgpubs
19 Oct 2010, 9:05 PM
Can anyone using ASP.NET MVC tell me how to pass the anti-forgery token back successfully to action methods decorated with the [ValidateAntiForgeryToken] attribute?

I got code like the below but can't figure out how to pass the token back properly in my JSON. Everything I've tried thus far results in an "A required anti-forgery token was not supplied or was invalid."

Code:


[Transaction]
[ValidateAntiForgeryToken]
[HttpDelete]
public ActionResult Delete(int id) { ... }


[Transaction]
[ValidateAntiForgeryToken]
[HttpPut]
public ActionResult Edit(Location location) { ... }

[Transaction]
[ValidateAntiForgeryToken]
[HttpPost]
public ActionResult Create(Location location) { ... }


Thanks -wg

Carlos Miranda
14 Jun 2011, 5:02 AM
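Ext.onReady(function () {
    // Read the token from the hidden input that the MVC view rendered
    var myToken = document.getElementsByName('__RequestVerificationToken').item(0).value;
    // Copy it into the form's hidden field so it is submitted with the form
    MyExtForm.MyHiddenField.setValue(myToken);
});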

skirtle
16 Jun 2011, 10:48 AM
If you're using Ajax you could use either the Ext.Ajax.extraParams property or the beforerequest event.
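
A `beforerequest` listener of the kind suggested above, as an added example that is not part of the original thread: it attaches the token as a header only to state-changing, same-origin requests, so the token is never sent to another origin. The header name is taken from the proxy code in this thread; `addAntiForgeryToken`, `isSameOrigin` and a server-side check that reads this header are assumptions.

```javascript
// Added example, not code from the thread. Assumes a browser with the URL API
// and a server-side filter that validates this header (assumption).
var HEADER_NAME = 'RequestVerificationToken';
var SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS'];

// True when url is relative or resolves to the same scheme/host/port as pageOrigin.
function isSameOrigin(url, pageOrigin) {
    try {
        return new URL(url, pageOrigin).origin === new URL(pageOrigin).origin;
    } catch (e) {
        return false; // unparsable URL: do not send the token
    }
}

// Mutates and returns the request options object passed to the listener.
function addAntiForgeryToken(options, token, pageOrigin) {
    // Mirrors Ext.Ajax's documented default: POST when params or data are
    // present, otherwise GET.
    var hasBody = options.params || options.jsonData;
    var method = (options.method || (hasBody ? 'POST' : 'GET')).toUpperCase();

    if (!token || SAFE_METHODS.indexOf(method) !== -1) {
        return options; // read-only request: no token needed
    }
    if (!isSameOrigin(options.url, pageOrigin)) {
        return options; // never disclose the token to another origin
    }
    options.headers = options.headers || {};
    options.headers[HEADER_NAME] = token;
    return options;
}

// Browser wiring: runs only where Ext is loaded.
if (typeof Ext !== 'undefined') {
    Ext.Ajax.on('beforerequest', function (conn, options) {
        var field = document.getElementsByName('__RequestVerificationToken').item(0);
        addAntiForgeryToken(options, field ? field.value : null, window.location.origin);
    });
}
```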

lnaie
6 Mar 2013, 3:23 PM
You may also create a proxy that will set the AFT header at run-time, before the request is sent. That will allow you to use config and programmatic proxies. It works with Sencha Touch and MVC4 WebAPI.



Ext.define('WApp.model.AftRestProxy', {
    extend: 'Ext.data.proxy.Rest',
    requires: [ 'Ext.data.proxy.Rest' ],
    alias: 'proxy.aftrest',

    constructor: function (config) {
        // Apply a default timeout; values passed in config take precedence
        var defaults = { timeout: 10000 };
        this.callParent([Ext.Object.merge(defaults, config)]);
    },

    buildRequest: function (operation) {
        // Add AFT header to proxy's headers
        var r = this.callParent([operation]);
        // The token is read from the element with id "antiForgeryToken"
        var afth = { 'RequestVerificationToken': Ext.get("antiForgeryToken").getValue() };
        var p = r.getProxy();
        if (p) {
            // Keep any headers already configured on the proxy
            var h = Ext.Object.merge(p.getHeaders() || {}, afth);
            p.setHeaders(h);
        }
        return r;
    }
});



Ext.define('WApp.model.UserProfile', {
    extend: 'Ext.data.Model',
    requires: [ 'WApp.model.AftRestProxy' ],
    config: {
        fields: [ ],
        proxy: {
            type: 'aftrest',
            url: '/api/auth/getuserprofile'
        }
    }
});