I am developing an orchard module, for which I have the "AntiForgery: Enabled" in the module.txt file.
However, I need a single action to skip the antiforgery check.
I have tried both,
[OverrideAuthorization]
[AllowAnonymous]
on the action with no success as I am still getting the following error when redirecting to the action from a thirdparty application.
The required anti-forgery form field "__RequestVerificationToken" is not present.
I have also tried solutions such as Override Authorize Attribute in ASP.NET MVC
Any ideas as to why this would not work within an Orchard module?
I have unfortunately had to update the Orchard.Framework.dll as seen here - Opt out Antiforgery token per method
The problem with this is that anytime we upgrade to a new version of Orchard we then need to keep this in mind and re-implement it.
There has however been a pull request - Fix for issue 19384, so hopefully will form part of future versions of Orchard