Monday, August 10, 2015

The provided anti-forgery token was meant for user "" but the current user is "user"

I was recently working on adding AntiForgeryToken information to my Claims-based ASP.NET MVC Web Application, when I suddenly encountered the following exception/error message:






After doing a bit of research, I came across this article: http://www.diaryofaninja.com/blog/2014/01/29/htmlantiforgerytoken-ndash-balancing-security-with-usability

It states that the following code can be added to the Application_Start even of your Global.asax file:

AntiForgeryConfig.SuppressIdentityHeuristicChecks = true;

Once I added this code to my Global.asax file, I no longer received this error message!

No comments:

Post a Comment