View Full Version : How to pass the anti forgery token to an ASP.NET MVC action method?

19 Oct 2010, 9:05 PM
Can anyone using ASP.NET MVC tell me how to pass the anti-forgery token back successfully to action methods decorated with the [ValidateAntiForgeryToken] attribute?

I got code like the below but can't figure out how to pass the token back properly in my JSON. Everything I've tried thus far results in an "A required anti-forgery token was not supplied or was invalid."


public ActionResult Delete(int id) { ... }

public ActionResult Edit(Location location) { ... }

public ActionResult Create(Location location) { ... }

Thanks -wg

Carlos Miranda
14 Jun 2011, 5:02 AM
Ext.onReady( function() {
var myToken = document.getElementsByName('__RequestVerificationToken').item(0).value;

16 Jun 2011, 10:48 AM
If you're using Ajax you could use either the Ext.Ajax.extraParams property or the beforerequest event.

6 Mar 2013, 3:23 PM
You may also create a proxy that will set AFT header at run-time, before the request is being sent. That will allow you to use config and programmatic proxies. It works with Sencha Touch and MVC4 WebAPI.

Ext.define('WApp.model.AftRestProxy', {
extend: 'Ext.data.proxy.Rest',
requires: [ 'Ext.data.proxy.Rest' ],
alias: 'proxy.aftrest',
constructor: function (config)
var defaults = { timeout: 10000 };
this.callParent([Ext.Object.merge(defaults, config)]);
buildRequest: function (operation) {
// Add AFT header to proxy's headers
var r = this.callParent([operation]);
var afth = { 'RequestVerificationToken': Ext.get("antiForgeryToken").getValue() };
var p = r.getProxy();
if (p) {
var h = Ext.Object.merge(p.getHeaders() || {}, afth);
return r;

Ext.define('WApp.model.UserProfile', {
extend: 'Ext.data.Model',
requires: [ 'WApp.model.AftRestProxy' ],
config: {
fields: [ ],
proxy: {
type: 'aftrest',
url: '/api/auth/getuserprofile'