How have you set up the project? There seems to be a problem with the anti forgery if you don't run your site on a FQDN.
A typical case is that you run your site on http://mysite or just http://localhost. If you add a port number it seems to work. Can have something to with old cookies to0, try to clear em'.
What causes that exception to be thrown is if the token put in the form and the token put in a cookie don't "match".
If we assume that neither the form data nor the cookies have been intentionally changed/removed it seems most likely that it's the cookie that has been overwritten or something along those lines.
It's quite possibly related to what Johan was hinting at considering that cookies (in general) are scoped by domain (no port) and path.
Thanks for your replys!
I started with host "episerver7mvc" (port 80). Changed it to "episerver7mvc" (port 17033) and that did not work either. Tried "www.episerver7mvc.se" (port 17033) and that don't work either.
Can it be that I first created an empty EPiServer 7 site and then created an ASP.NET MVC 4 web application. Copied over the web application to the EPiServer site (without Global.* and Web.* files). Is there any other way to install that don't cause this problem?
I have emptied cookies from my browser as well, with no luck...
Not sure it matters for this, but does the siteUrl setting match your IIS host settings?
Yes they do.
Checked the cookies created when going into the admin-interface and there are none except ASP.NET_SessionId. Shouldn't there be a few others, like authtoken?
Can this be related to that I have uncommented the <authorization> element in web.config in order to get into EPiServer admin and create groups and roles for the first time?
It seems that when you don't use the login form the necessary cookies are not set. I created the Groups by using the "ASP.NET Configuration" to create the WebAdmins group and an admin user. Then I loged in the usual way and now I can create aditional groups in the admin interface.
If you use http and you have following line in your config
<httpCookies httpOnlyCookies="true" requireSSL="true"/>
just remove requireSSL attribute.
Trying to set up an EPiServer 7 site with MVC. And everything has gone alright until i tried to create a Group in the Admin interface.
After clicking on the "Add"-button I receive:
This is on an develper machine. Where have I gone wrong?