Chris Chris - 1 month ago 22
ASP.NET (C#) Question

Antiforgery token issue resolved but weird after effect on project

I have 2 web application projects, both housed in TFS source control. The first project causes no issue with AntiForgery token.

This was the error

An exception of type 'System.InvalidOperationException' occurred in System.Web.WebPages.dll but was not handled in user code

Additional information: A claim of type 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier' or 'http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider' was not present on the provided ClaimsIdentity. To enable anti-forgery token support with claims-based authentication, please verify that the configured claims provider is providing both of these claims on the ClaimsIdentity instances it generates. If the configured claims provider instead uses a different claim type as a unique identifier, it can be configured by setting the static property AntiForgeryConfig.UniqueClaimTypeIdentifier.

and the found solution was to add

AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimsIdentity.DefaultNameClaimType;


that to the Global.asax.cs file of the project that kept throwing that error, so I did and it fixed the issue.

However...Now this is where the weird part comes in...When I run the "fixed" application I am logged in as the user from my other web application.

So I decided to run the other application and noticed I was still logged in, so I logged out and stopped debugging. Then went into the "fixed" project and commented out the

AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimsIdentity.DefaultNameClaimType;


and the project ran properly.

So apparently if I don't log out from the other application then this error gets thrown.

I have no idea what this is all about or even why this is happening, any idea's?

Answer

You're getting the errors because the cookie is stored against localhost which means any app you run will try to use it. To fix this you need to make the name of the cookie that your app uses distinct. This is done with the CookieName property. In the App_Start folder, edit the Startup.Auth.cs file (it may be named differently if you have a different template) and add in a line to set the cookie name:

app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
    LoginPath = new PathString("/Account/Login"),
    //snip
    CookieName = "NameOfYourAppForExample"
});
Comments