I'm upgrading a solution to CMS 12. I use the default Optimizely auth scheme, but I also have a second Azure B2C OIDC scheme for users of the website.
If I'm not signed in with Azure or Opti, submitting forms works fine, but if I sign in with either Azure or Opti I get this error when submitting:
Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: Your anti-forgery token is not correct!
at EPiServer.Forms.Internal.Security.AntiForgeryService.Validate(HttpContext httpContext)
I'm pretty sure it's because the anti-forgery token is based on your identity, so on the page with the form the token is created with your Azure identity. But the endpoint that receives the form post ("EPiserver.Forms/DataSubmit/Submit") uses your Optimizely identity.
I'm not sure how to solve this, but both sender and receiver have to use the same identity somehow. Perhaps overriding the token validation? Or the form submit action? Or can I specify which auth scheme should be used?
I'm happy for any suggestions.
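One way to check the hypothesis in the post before changing validation, as an added example that is not part of the original post or of Optimizely's code: an ASP.NET Core middleware that logs, per request, the identity in `HttpContext.User` and the principal each scheme yields on its own. The class name `SchemeIdentityProbe` and both scheme names are assumptions.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Logging;

// Added diagnostic middleware (hypothetical class, not part of Optimizely).
// Register after app.UseAuthentication():
//     app.UseMiddleware<SchemeIdentityProbe>();
public class SchemeIdentityProbe
{
    // Assumed scheme names; they must match the names registered at startup,
    // otherwise AuthenticateAsync throws for the unknown scheme.
    private static readonly string[] Schemes = { "Identity.Application", "AzureB2C" };

    private readonly RequestDelegate _next;
    private readonly ILogger<SchemeIdentityProbe> _log;

    public SchemeIdentityProbe(RequestDelegate next, ILogger<SchemeIdentityProbe> log)
    {
        _next = next;
        _log = log;
    }

    public async Task InvokeAsync(HttpContext ctx)
    {
        // HttpContext.User is what the default authenticate scheme produced.
        var user = ctx.User?.Identity;
        _log.LogInformation(
            "{Method} {Path}: User={Name}, authenticated={IsAuth}, type={AuthType}",
            ctx.Request.Method, ctx.Request.Path,
            user?.Name ?? "(none)", user?.IsAuthenticated ?? false,
            user?.AuthenticationType ?? "(none)");

        // Ask each scheme separately which principal it would yield here.
        foreach (var scheme in Schemes)
        {
            AuthenticateResult result = await ctx.AuthenticateAsync(scheme);
            _log.LogInformation(
                "  scheme {Scheme}: succeeded={Ok}, name={Name}",
                scheme, result.Succeeded,
                result.Principal?.Identity?.Name ?? "(none)");
        }

        await _next(ctx);
    }
}
```

Compare the log lines for the GET of the page that renders the form with those for the POST to "EPiserver.Forms/DataSubmit/Submit": if `User` differs between the two requests, the token is being issued and validated under different identities.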