The required anti-forgery form field "__RequestVerificationToken" is not present.

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.
8 years ago
As security has been tightend in 3.60 I now receive the following error when I save the configuration of my plugins. As I am currently in the process of migrating my plugins to 3.60 I would like to know what is causing this exception and what to do the make all compatible.


The required anti-forgery form field "__RequestVerificationToken" is not present.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. 

Exception Details: System.Web.Mvc.HttpAntiForgeryException: The required anti-forgery form field "__RequestVerificationToken" is not present.

Source Error: 


Line 43:             
Line 44:             var validator = new ValidateAntiForgeryTokenAttribute();
Line 45:             validator.OnAuthorization(filterContext);
Line 46:         }
Line 47:     }

Source File: c:\My Projects\NopCommerce3_60\Presentation\Nop.Web.Framework\Security\AdminAntiForgeryAttribute.cs    Line: 45 

Stack Trace: 


[HttpAntiForgeryException (0x80004005): The required anti-forgery form field "__RequestVerificationToken" is not present.]
   System.Web.Helpers.AntiXsrf.TokenValidator.ValidateTokens(HttpContextBase httpContext, IIdentity identity, AntiForgeryToken sessionToken, AntiForgeryToken fieldToken) +261
   System.Web.Helpers.AntiXsrf.AntiForgeryWorker.Validate(HttpContextBase httpContext) +356
   System.Web.Helpers.AntiForgery.Validate() +199
   System.Web.Mvc.ValidateAntiForgeryTokenAttribute.OnAuthorization(AuthorizationContext filterContext) +146
   Nop.Web.Framework.Security.AdminAntiForgeryAttribute.OnAuthorization(AuthorizationContext filterContext) in c:\My Projects\NopCommerce3_60\Presentation\Nop.Web.Framework\Security\AdminAntiForgeryAttribute.cs:45
   System.Web.Mvc.ControllerActionInvoker.InvokeAuthorizationFilters(ControllerContext controllerContext, IList`1 filters, ActionDescriptor actionDescriptor) +269
   System.Web.Mvc.Async.<>c__DisplayClass21.<BeginInvokeAction>b__19(AsyncCallback asyncCallback, Object asyncState) +2749
   System.Web.Mvc.Async.WrappedAsyncResult`1.CallBeginDelegate(AsyncCallback callback, Object callbackState) +81
   System.Web.Mvc.Async.WrappedAsyncResultBase`1.Begin(AsyncCallback callback, Object state, Int32 timeout) +241
   System.Web.Mvc.Async.AsyncResultWrapper.Begin(AsyncCallback callback, Object state, BeginInvokeDelegate beginDelegate, EndInvokeDelegate`1 endDelegate, Object tag, Int32 timeout) +164
   System.Web.Mvc.Async.AsyncControllerActionInvoker.BeginInvokeAction(ControllerContext controllerContext, String actionName, AsyncCallback callback, Object state) +987
   System.Web.Mvc.Controller.<BeginExecuteCore>b__1c(AsyncCallback asyncCallback, Object asyncState, ExecuteCoreState innerState) +165
   System.Web.Mvc.Async.WrappedAsyncVoid`1.CallBeginDelegate(AsyncCallback callback, Object callbackState) +196
   System.Web.Mvc.Async.WrappedAsyncResultBase`1.Begin(AsyncCallback callback, Object state, Int32 timeout) +241
   System.Web.Mvc.Async.AsyncResultWrapper.Begin(AsyncCallback callback, Object callbackState, BeginInvokeDelegate`1 beginDelegate, EndInvokeVoidDelegate`1 endDelegate, TState invokeState, Object tag, Int32 timeout, SynchronizationContext callbackSyncContext) +241
   System.Web.Mvc.Controller.BeginExecuteCore(AsyncCallback callback, Object state) +1077
   System.Web.Mvc.Controller.<BeginExecute>b__14(AsyncCallback asyncCallback, Object callbackState, Controller controller) +70
   System.Web.Mvc.Async.WrappedAsyncVoid`1.CallBeginDelegate(AsyncCallback callback, Object callbackState) +90
   System.Web.Mvc.Async.WrappedAsyncResultBase`1.Begin(AsyncCallback callback, Object state, Int32 timeout) +241
   System.Web.Mvc.Async.AsyncResultWrapper.Begin(AsyncCallback callback, Object callbackState, BeginInvokeDelegate`1 beginDelegate, EndInvokeVoidDelegate`1 endDelegate, TState invokeState, Object tag, Int32 timeout, SynchronizationContext callbackSyncContext) +246
   System.Web.Mvc.Controller.BeginExecute(RequestContext requestContext, AsyncCallback callback, Object state) +894
   System.Web.Mvc.Controller.System.Web.Mvc.Async.IAsyncController.BeginExecute(RequestContext requestContext, AsyncCallback callback, Object state) +80
   System.Web.Mvc.MvcHandler.<BeginProcessRequest>b__4(AsyncCallback asyncCallback, Object asyncState, ProcessRequestState innerState) +182
   System.Web.Mvc.Async.WrappedAsyncVoid`1.CallBeginDelegate(AsyncCallback callback, Object callbackState) +196
   System.Web.Mvc.Async.WrappedAsyncResultBase`1.Begin(AsyncCallback callback, Object state, Int32 timeout) +241
   System.Web.Mvc.Async.AsyncResultWrapper.Begin(AsyncCallback callback, Object callbackState, BeginInvokeDelegate`1 beginDelegate, EndInvokeVoidDelegate`1 endDelegate, TState invokeState, Object tag, Int32 timeout, SynchronizationContext callbackSyncContext) +241
   System.Web.Mvc.MvcHandler.BeginProcessRequest(HttpContextBase httpContext, AsyncCallback callback, Object state) +953
   System.Web.Mvc.MvcHandler.BeginProcessRequest(HttpContext httpContext, AsyncCallback callback, Object state) +141
   System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.BeginProcessRequest(HttpContext context, AsyncCallback cb, Object extraData) +80
   System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +12288923
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +288
In an age where information is abundantly available it is no longer enough to possess it; you have to act on it. (Computer magazine 1997)
Best regards
Stefan van der Horst
0
8 years ago
Got it:

We'll need to add

@Html.AntiForgeryToken()

to all our configuration html pages.
In an age where information is abundantly available it is no longer enough to possess it; you have to act on it. (Computer magazine 1997)
Best regards
Stefan van der Horst
2
8 years ago
I have the same error: I have installed GestPay plugin for Nop Commerce 3.6 but when I click on save in "Configure Payment" I have this error. I have already added "@Html.AntiForgeryToken()" reference in both Plugin cshtml pages but I have the same issue.

Any idea?
0
8 years ago
Did you recompile your plugin? That's needed to get your cshtml copied to the presentation/plugins/xxx folder
In an age where information is abundantly available it is no longer enough to possess it; you have to act on it. (Computer magazine 1997)
Best regards
Stefan van der Horst
1
8 years ago
I nave not source code. I have downloaded the demo version
0
8 years ago
Then you likely don't have a 3.60 version of the plugin but a 3.50 or 3.40 version. Contact your supplier as they may need to add some more code to make their plugin 3.60 compatible.
In an age where information is abundantly available it is no longer enough to possess it; you have to act on it. (Computer magazine 1997)
Best regards
Stefan van der Horst
0
8 years ago
I am adding @Html.AntiForgeryToken() to my configuration views and I'm still getting this error. I cleaned and rebuilt the solution and verified that @Html.AntiForgeryToken() is in the configuration views in the deployment folder. Any ideas?

Thanks,
Kevin
0
8 years ago
What error?
In an age where information is abundantly available it is no longer enough to possess it; you have to act on it. (Computer magazine 1997)
Best regards
Stefan van der Horst
0
8 years ago
actOpus wrote:
What error?


The error the OP had. I found the problem though. I needed to put @Html.AntiForgeryToken() inside the form block...duh...=)

Thanks,
Kevin
1
8 years ago
very well.
In an age where information is abundantly available it is no longer enough to possess it; you have to act on it. (Computer magazine 1997)
Best regards
Stefan van der Horst
0
This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.