The required anti-forgery form field "__RequestVerificationToken" is not present.

1 2 3 >
Posted: June 20, 2015 at 1:03 AM Quote #147356
As security has been tightend in 3.60 I now receive the following error when I save the configuration of my plugins. As I am currently in the process of migrating my plugins to 3.60 I would like to know what is causing this exception and what to do the make all compatible.


The required anti-forgery form field "__RequestVerificationToken" is not present.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Web.Mvc.HttpAntiForgeryException: The required anti-forgery form field "__RequestVerificationToken" is not present.

Source Error:


Line 43:            
Line 44:             var validator = new ValidateAntiForgeryTokenAttribute();
Line 45:             validator.OnAuthorization(filterContext);
Line 46:         }
Line 47:     }

Source File: c:\My Projects\NopCommerce3_60\Presentation\Nop.Web.Framework\Security\AdminAntiForgeryAttribute.cs    Line: 45

Stack Trace:


[HttpAntiForgeryException (0x80004005): The required anti-forgery form field "__RequestVerificationToken" is not present.]
   System.Web.Helpers.AntiXsrf.TokenValidator.ValidateTokens(HttpContextBase httpContext, IIdentity identity, AntiForgeryToken sessionToken, AntiForgeryToken fieldToken) +261
   System.Web.Helpers.AntiXsrf.AntiForgeryWorker.Validate(HttpContextBase httpContext) +356
   System.Web.Helpers.AntiForgery.Validate() +199
   System.Web.Mvc.ValidateAntiForgeryTokenAttribute.OnAuthorization(AuthorizationContext filterContext) +146
   Nop.Web.Framework.Security.AdminAntiForgeryAttribute.OnAuthorization(AuthorizationContext filterContext) in c:\My Projects\NopCommerce3_60\Presentation\Nop.Web.Framework\Security\AdminAntiForgeryAttribute.cs:45
   System.Web.Mvc.ControllerActionInvoker.InvokeAuthorizationFilters(ControllerContext controllerContext, IList`1 filters, ActionDescriptor actionDescriptor) +269
   System.Web.Mvc.Async.<>c__DisplayClass21.<BeginInvokeAction>b__19(AsyncCallback asyncCallback, Object asyncState) +2749
   System.Web.Mvc.Async.WrappedAsyncResult`1.CallBeginDelegate(AsyncCallback callback, Object callbackState) +81
   System.Web.Mvc.Async.WrappedAsyncResultBase`1.Begin(AsyncCallback callback, Object state, Int32 timeout) +241
   System.Web.Mvc.Async.AsyncResultWrapper.Begin(AsyncCallback callback, Object state, BeginInvokeDelegate beginDelegate, EndInvokeDelegate`1 endDelegate, Object tag, Int32 timeout) +164
   System.Web.Mvc.Async.AsyncControllerActionInvoker.BeginInvokeAction(ControllerContext controllerContext, String actionName, AsyncCallback callback, Object state) +987
   System.Web.Mvc.Controller.<BeginExecuteCore>b__1c(AsyncCallback asyncCallback, Object asyncState, ExecuteCoreState innerState) +165
   System.Web.Mvc.Async.WrappedAsyncVoid`1.CallBeginDelegate(AsyncCallback callback, Object callbackState) +196
   System.Web.Mvc.Async.WrappedAsyncResultBase`1.Begin(AsyncCallback callback, Object state, Int32 timeout) +241
   System.Web.Mvc.Async.AsyncResultWrapper.Begin(AsyncCallback callback, Object callbackState, BeginInvokeDelegate`1 beginDelegate, EndInvokeVoidDelegate`1 endDelegate, TState invokeState, Object tag, Int32 timeout, SynchronizationContext callbackSyncContext) +241
   System.Web.Mvc.Controller.BeginExecuteCore(AsyncCallback callback, Object state) +1077
   System.Web.Mvc.Controller.<BeginExecute>b__14(AsyncCallback asyncCallback, Object callbackState, Controller controller) +70
   System.Web.Mvc.Async.WrappedAsyncVoid`1.CallBeginDelegate(AsyncCallback callback, Object callbackState) +90
   System.Web.Mvc.Async.WrappedAsyncResultBase`1.Begin(AsyncCallback callback, Object state, Int32 timeout) +241
   System.Web.Mvc.Async.AsyncResultWrapper.Begin(AsyncCallback callback, Object callbackState, BeginInvokeDelegate`1 beginDelegate, EndInvokeVoidDelegate`1 endDelegate, TState invokeState, Object tag, Int32 timeout, SynchronizationContext callbackSyncContext) +246
   System.Web.Mvc.Controller.BeginExecute(RequestContext requestContext, AsyncCallback callback, Object state) +894
   System.Web.Mvc.Controller.System.Web.Mvc.Async.IAsyncController.BeginExecute(RequestContext requestContext, AsyncCallback callback, Object state) +80
   System.Web.Mvc.MvcHandler.<BeginProcessRequest>b__4(AsyncCallback asyncCallback, Object asyncState, ProcessRequestState innerState) +182
   System.Web.Mvc.Async.WrappedAsyncVoid`1.CallBeginDelegate(AsyncCallback callback, Object callbackState) +196
   System.Web.Mvc.Async.WrappedAsyncResultBase`1.Begin(AsyncCallback callback, Object state, Int32 timeout) +241
   System.Web.Mvc.Async.AsyncResultWrapper.Begin(AsyncCallback callback, Object callbackState, BeginInvokeDelegate`1 beginDelegate, EndInvokeVoidDelegate`1 endDelegate, TState invokeState, Object tag, Int32 timeout, SynchronizationContext callbackSyncContext) +241
   System.Web.Mvc.MvcHandler.BeginProcessRequest(HttpContextBase httpContext, AsyncCallback callback, Object state) +953
   System.Web.Mvc.MvcHandler.BeginProcessRequest(HttpContext httpContext, AsyncCallback callback, Object state) +141
   System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.BeginProcessRequest(HttpContext context, AsyncCallback cb, Object extraData) +80
   System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +12288923
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +288
This post/answer is useful
0
This post/answer is not useful

Please login or register
to vote for this post.

(click on this box to dismiss)
In an age where information is abundantly available it is no longer enough to possess it; you have to act on it. (Computer magazine 1997)
Best regards
Stefan van der Horst
Posted: June 20, 2015 at 1:09 AM Quote #147357
Got it:

We'll need to add

@Html.AntiForgeryToken()

to all our configuration html pages.
This post/answer is useful
2
This post/answer is not useful

Please login or register
to vote for this post.

(click on this box to dismiss)
In an age where information is abundantly available it is no longer enough to possess it; you have to act on it. (Computer magazine 1997)
Best regards
Stefan van der Horst
Posted: June 21, 2015 at 5:16 AM Quote #147404
I have the same error: I have installed GestPay plugin for Nop Commerce 3.6 but when I click on save in "Configure Payment" I have this error. I have already added "@Html.AntiForgeryToken()" reference in both Plugin cshtml pages but I have the same issue.

Any idea?
This post/answer is useful
0
This post/answer is not useful

Please login or register
to vote for this post.

(click on this box to dismiss)
Posted: June 21, 2015 at 8:03 AM Quote #147408
Did you recompile your plugin? That's needed to get your cshtml copied to the presentation/plugins/xxx folder
This post/answer is useful
1
This post/answer is not useful

Please login or register
to vote for this post.

(click on this box to dismiss)
In an age where information is abundantly available it is no longer enough to possess it; you have to act on it. (Computer magazine 1997)
Best regards
Stefan van der Horst
Posted: June 21, 2015 at 8:05 AM Quote #147409
I nave not source code. I have downloaded the demo version
This post/answer is useful
0
This post/answer is not useful

Please login or register
to vote for this post.

(click on this box to dismiss)
Posted: June 21, 2015 at 8:12 AM Quote #147410
Then you likely don't have a 3.60 version of the plugin but a 3.50 or 3.40 version. Contact your supplier as they may need to add some more code to make their plugin 3.60 compatible.
This post/answer is useful
0
This post/answer is not useful

Please login or register
to vote for this post.

(click on this box to dismiss)
In an age where information is abundantly available it is no longer enough to possess it; you have to act on it. (Computer magazine 1997)
Best regards
Stefan van der Horst
Posted: June 25, 2015 at 8:22 AM Quote #147680
I am adding @Html.AntiForgeryToken() to my configuration views and I'm still getting this error. I cleaned and rebuilt the solution and verified that @Html.AntiForgeryToken() is in the configuration views in the deployment folder. Any ideas?

Thanks,
Kevin
This post/answer is useful
0
This post/answer is not useful

Please login or register
to vote for this post.

(click on this box to dismiss)
Posted: June 25, 2015 at 8:44 AM Quote #147682
What error?
This post/answer is useful
0
This post/answer is not useful

Please login or register
to vote for this post.

(click on this box to dismiss)
In an age where information is abundantly available it is no longer enough to possess it; you have to act on it. (Computer magazine 1997)
Best regards
Stefan van der Horst
Posted: June 25, 2015 at 8:46 AM Quote #147683
actOpus wrote:
What error?


The error the OP had. I found the problem though. I needed to put @Html.AntiForgeryToken() inside the form block...duh...=)

Thanks,
Kevin
This post/answer is useful
1
This post/answer is not useful

Please login or register
to vote for this post.

(click on this box to dismiss)
Posted: June 25, 2015 at 8:51 AM Quote #147684
very well.
This post/answer is useful
0
This post/answer is not useful

Please login or register
to vote for this post.

(click on this box to dismiss)
In an age where information is abundantly available it is no longer enough to possess it; you have to act on it. (Computer magazine 1997)
Best regards
Stefan van der Horst
1 2 3 >
Premium support services
  • Dedicated premium support services provided by core developers are intended for persons who run mission critical websites, work on projects with tight deadlines, or want to get dedicated support.
Professional services
  • Want to open a new store? Want to take your store to the next level? Need a custom extension? We can customize nopCommerce to fit your store perfectly. Request a quote to get started.
eCommerce CONFERENCE 2017
Learn more