Login/Register
How to use MVC AntiForgeryToken with partial views
Asked Answered
Solved c#asp.net-mvcrazorantiforgerytoken
H

1

5

My question is more driven by what is the proper approach when dealing with partial views. Is there a token for each partial view, or the container as a whole?

Currently our form contains divs for 5 partial views. The user is responding to a list of certification questions, and based on responses 1 or more divs/partial views are displayed. Each partial view is accepted/declined (button select) and the form as a whole is submitted (button). Currently, each partial view has its own AntiForgeryToken and corresponding token validation in the controller (in the manner as you indicated).

With this approach we periodically see the System.Web.Mvc.HttpAntiForgeryException

If I have a form/view that will display 1 or more partial views based on user responses. Where do I need to place the AntiForgeryToken? In the parent view? In the partial views? Both?

My theory is that when multiple partial views are represented a mismatch of tokens occurs and the error is reported. My thinking is to move the token to the main/parent view.

Am I on the right track? Anybody had to deal with something similar?

Hath answered 13/3, 2014 at 13:56 Comment(2)
you might get solution here: #7793703 OR #16816134Beadroll
So, once all the partial view's are handled, the form is submitted? I don't think you'd need more than the one token in the parent container.Phane
C
7

as you have multiple partial views within a single form you need to add @Html.AntiForgeryToken() in the parent page (form) alone.

You need not place the same in each and every partial

Chico answered 13/3, 2014 at 14:11 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.