How to disable the antiforgery token check in ASP.NET MVC Core 2

asp.net-mvc asp.net-core-2.0 antiforgerytoken

Adam · May 21, 2018 · Viewed 7.8k times · Source

I am trying to avoid "AntiForgery" checking as it always fails when hosted from the 3rd party server. I am using ASP.NET Core 2.0 MVC application.

I added this option in the ConfigureServices function:

services
    .AddMvc()
    .AddRazorPagesOptions( options =>
    {
        options.Conventions.AuthorizeFolder("/Account/Manage");
        options.Conventions.AuthorizePage("/Account/Logout");
        options.Conventions.ConfigureFilter(new IgnoreAntiforgeryTokenAttribute());
    } );

But still I am getting this exception.

System.InvalidOperationException: The antiforgery token could not be decrypted.
System.Security.Cryptography.CryptographicException: The key {6fb328e7-4808-4b5d-b7dc-870d126e5ca4} was not found in the key ring.

Am I missing anything ?

Answer

Add the IgnoreAntiforgeryToken attribute (Order must > 1000) to the razor page model:

For example:

namespace CWACpch.Pages
{
    [IgnoreAntiforgeryToken(Order = 2000)]
    public class CreateOrderModel : PageModel
    {

How to disable the antiforgery token check in ASP.NET MVC Core 2

Answer

Related questions