I have a website in ASP.NET MVC 3. I just added some anti-forgery tokens, and I don't know why, but in one of my forms (not the others) I receive this exception:
A required anti-forgery token was not supplied or was invalid.
It appears that in my HTML code, I have the following token:
<input name="__RequestVerificationToken"
type="hidden" value="0Ll0Io/fX0dR5HXCAroCKTKCBqNn2tmwgcqgYGjln8WVdWOPF2VQEen4wd2UKso1lpIstniXWjdgEE6m0ADgfRhIP25K12Y/ll+PFaYzoQgFAqSfL4XqNYKMrzvAKqmuqXnh3lwBFCYcDXKxRshKVefYelNfWgdFMtf8Ru/dT4qzWw9vU4KQS8eliglpzN9jXu5fekpBOsQGzOhoFHI3Ow=="
disabled="disabled">
Why do I get this disabled attribute?
Here is some of my code:
@using (Html.BeginForm("XXX", "YYY", FormMethod.Post))
{
    @Html.AntiForgeryToken()
    ...
}
and the controller:
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult XXX(SessionStore sessionStore, CurrentModel model)
I can't find anything about disabled on Google :/
Here's the code that generates the hidden field:
public HtmlString GetHtml(HttpContextBase httpContext, string salt, string domain, string path)
{
    string str = this.GetAntiForgeryTokenAndSetCookie(httpContext, salt, domain, path);
    string antiForgeryTokenName = AntiForgeryData.GetAntiForgeryTokenName(null);
    TagBuilder builder = new TagBuilder("input");
    builder.Attributes["type"] = "hidden";
    builder.Attributes["name"] = antiForgeryTokenName;
    builder.Attributes["value"] = str;
    return new HtmlString(builder.ToString(TagRenderMode.SelfClosing));
}
As you can see, there's no trace of any disabled attribute.
So the situation you are describing cannot happen unless: