Hi,
When implement the anti-forgery feature, we modifed the FormContainerBlock.ascx to add this line:
<%= Html.GenerateAntiForgeryToken(Model) %>
Could you please check that file has been upgrade in your site? Or you are customizing the template so that line is not added? If it is not the reason, could you describe steps to reproduce the problem?
You are totally right, someway on the road <%= Html.GenerateAntiForgeryToken(Model) %> is implemented and our custom template did miss that, I also missed it yesterday when looking for it.
Thanks
Sorry for hijacking this thread. Since it is marked as solved, I hope you can elaborate on the solution.
@Dac - I am using Episerver Forms, and I am now getting this error too. However, I cannot see any FormContainerBlock.ascx file on my site. What file do I need to update to continue to use the latest version of Episerver Forms, and what change exactly do I need to make?
Thanks in advance
We have the same error but in our case the helper is present. We are missing the cookie somehow in production but not in test or development. Does anyone have a solution or sugesiont what it could be? We also have custom views but we did not have a custom view for the FormContainerBlock.ascx.
If you are using different ports only for the different sites you can get funny results with this btw. Either create a real sub domain for each site so cookies don't collide or make sure you clear the browser cache etc when switching site.
I'm still getting error:
Your anti-forgery token is not correct!
With or without <%= Html.GenerateAntiForgeryToken(Model) %> in my FormContainerBlock.ascx. Episever forms 4.8.0.0.
Error happends after HttpPost on my website and then when contentarea tries to render my form.
I'm not fully understanding your case. Could you send us an support case, we can look into it for investigation.
This seems flawed or bugged since epi 11. Cannot use previously created or newly created epi forms no matter how simple they are (textfield + submit button). Keep getting "Your anti-forgery token is not correct". Iv tried to change ports for the site and recreate forms and reinstall latest epi-forms nuget.
[HttpAntiForgeryException (0x80004005): Your anti-forgery token is not correct!] EPiServer.Forms.Internal.Security.AntiForgeryService.Validate(HttpContextBase httpContext) +475 EPiServer.Forms.Controllers.FormContainerBlockController.Index(FormContainerBlock currentBlock) +337 lambda_method(Closure , ControllerBase , Object[] ) +106 System.Web.Mvc.ActionMethodDispatcher.Execute(ControllerBase controller, Object[] parameters) +14 System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters) +157 System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters) +27 System.Web.Mvc.Async.AsyncControllerActionInvoker.<BeginInvokeSynchronousActionMethod>b__39(IAsyncResult asyncResult, ActionInvocation innerInvokeState) +22 System.Web.Mvc.Async.WrappedAsyncResult`2.CallEndDelegate(IAsyncResult asyncResult) +29 System.Web.Mvc.Async.WrappedAsyncResultBase`1.End() +49 System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethod(IAsyncResult asyncResult) +32 System.Web.Mvc.Async.AsyncInvocationWithFilters.<InvokeActionMethodFilterAsynchronouslyRecursive>b__3d() +50 System.Web.Mvc.Async.<>c__DisplayClass46.<InvokeActionMethodFilterAsynchronouslyRecursive>b__3f() +228 System.Web.Mvc.Async.<>c__DisplayClass46.<InvokeActionMethodFilterAsynchronouslyRecursive>b__3f() +228 System.Web.Mvc.Async.<>c__DisplayClass46.<InvokeActionMethodFilterAsynchronouslyRecursive>b__3f() +228 System.Web.Mvc.Async.<>c__DisplayClass46.<InvokeActionMethodFilterAsynchronouslyRecursive>b__3f() +228 System.Web.Mvc.Async.<>c__DisplayClass33.<BeginInvokeActionMethodWithFilters>b__32(IAsyncResult asyncResult) +10 System.Web.Mvc.Async.WrappedAsyncResult`1.CallEndDelegate(IAsyncResult asyncResult) +10 System.Web.Mvc.Async.WrappedAsyncResultBase`1.End() +49 System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethodWithFilters(IAsyncResult asyncResult) +34 System.Web.Mvc.Async.<>c__DisplayClass2b.<BeginInvokeAction>b__1c() +26 System.Web.Mvc.Async.<>c__DisplayClass21.<BeginInvokeAction>b__1e(IAsyncResult asyncResult) +100 System.Web.Mvc.Async.WrappedAsyncResult`1.CallEndDelegate(IAsyncResult asyncResult) +10 System.Web.Mvc.Async.WrappedAsyncResultBase`1.End() +49 System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeAction(IAsyncResult asyncResult) +27 System.Web.Mvc.Controller.<BeginExecuteCore>b__1d(IAsyncResult asyncResult, ExecuteCoreState innerState) +13 System.Web.Mvc.Async.WrappedAsyncVoid`1.CallEndDelegate(IAsyncResult asyncResult) +29 System.Web.Mvc.Async.WrappedAsyncResultBase`1.End() +49 System.Web.Mvc.Controller.EndExecuteCore(IAsyncResult asyncResult) +36 System.Web.Mvc.Controller.<BeginExecute>b__15(IAsyncResult asyncResult, Controller controller) +12 System.Web.Mvc.Async.WrappedAsyncVoid`1.CallEndDelegate(IAsyncResult asyncResult) +22 System.Web.Mvc.Async.WrappedAsyncResultBase`1.End() +49 System.Web.Mvc.Controller.EndExecute(IAsyncResult asyncResult) +26 System.Web.Mvc.Controller.System.Web.Mvc.Async.IAsyncController.EndExecute(IAsyncResult asyncResult) +10 System.Web.Mvc.MvcHandler.<BeginProcessRequest>b__5(IAsyncResult asyncResult, ProcessRequestState innerState) +21 System.Web.Mvc.Async.WrappedAsyncVoid`1.CallEndDelegate(IAsyncResult asyncResult) +29 System.Web.Mvc.Async.WrappedAsyncResultBase`1.End() +49 System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult) +28 System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.EndProcessRequest(IAsyncResult result) +9 System.Web.Mvc.<>c__DisplayClassa.<EndProcessRequest>b__9() +22 System.Web.Mvc.<>c__DisplayClass4.<Wrap>b__3() +10 System.Web.Mvc.ServerExecuteHttpHandlerWrapper.Wrap(Func`1 func) +53 System.Web.Mvc.ServerExecuteHttpHandlerWrapper.Wrap(Action action) +65 System.Web.Mvc.ServerExecuteHttpHandlerAsyncWrapper.EndProcessRequest(IAsyncResult result) +70 System.Web.HttpServerUtility.ExecuteInternal(IHttpHandler handler, TextWriter writer, Boolean preserveForm, Boolean setPreviousPage, VirtualPath path, VirtualPath filePath, String physPath, Exception error, String queryStringOverride) +1436
Could you try to create a fresh Alloy MVC site and see if the error still occur? Do you custom the FormContainerBlock.ascx?
I can try, but no i have not done any customization of it. All iv done is to update all epi components from version 10 (which was the latest version when we installed the site last year) to version 11, and after that the forms stopped working =(
Our QA have tested with the case upgrade. What the result if you uninstall and install again Forms add-on?
No difference after reinstall of the Forms nugets. Il try on a fresh project now.
Well Alloy does not seem to be updated for EPI CMS 11 :( , il try a blank project instead.
This is not working... for some reason it works on a completly new empty project (Alloy needs to be updated btw), but does not work on our current solution, time to roll back...
This was a version 10 CMS solution with no customization made to how epi forms works at all.
I had the same problem. Added <%= Html.GenerateAntiForgeryToken(Model) %> inside the submit <form> and now it works again.
We had the same issue on our site after upgrade to CMS 11 and Forms 4.9.1. No custom Forms. Worked perfectly in development, but not in production.
Turns out Forms are now using cookies to store the antiForgeryToken. And the site didn't allow that cookie, therefor it failed with exception
Failed to validate the anti-forgery token System.Web.Mvc.HttpAntiForgeryException (0x80004005): The required anti-forgery cookie "__RequestVerificationToken" is not present.
When allowing the cookie it works again.
Had the same error, but in my case it was caused by the page controller being decorated with the [ContentOutputCache] attribute. Which explains why submit worked when logged into episerver. Removed the attribute and works like a charm again.
You can replace default implement of IAntiForgeryService then bypass the validation. Does that help?
Forms 4.6.1 and 4.8
maybe a chain of events but suddenly i can not post data on my site with Epi.Forms.
Getting:
To solve it quick and dirty i did put
<%= html.antiforgerytoken() %> into FormContainerBlock.ascx%=>
Why? What happend? I can't remember making a release that day, nor changing any config on server. How is epi.forms handling AntiForgeryToken?