Base solution for your next web application
Starts in:
01 DAYS
01 HRS
01 MIN
01 SEC
Open Closed

Bad Request - 400 Empty or invalid anti forgery header token #5335


User avatar
0
tteoh created

Hi, I'm using MVC5AJ1.

I'm trying to send request by using Postman with following the [https://aspnetzero.com/Documents/Development-Guide-Mvc-Angularjs#token-based-authentication]) here. But why am I getting Error 400?

Thanks. /Tommy


10 Answer(s)
  • User Avatar
    0
    alirizaadiyahsi created

    When I tested, it works well. We skip anti-forgery token validation for POST, PUT, PATCH and DELETE attributes. Are you using GET? In documentation we mention that you should use POST. If you want to use GET than you set an anti-forgery token or you can disable it.

    Check this document for more info: <a class="postlink" href="https://aspnetboilerplate.com/Pages/Documents/XSRF-CSRF-Protection">https://aspnetboilerplate.com/Pages/Doc ... Protection</a>

  • User Avatar
    0
    alper created
    Support Team

    Hi,

    Show what you have done so far (request & response)

  • User Avatar
    0
    tteoh created

    Thanks for the reply.

    Nope, I'm using POST. I was trying to login by using the URL of >http://localhost:6234/api/Account/Authenticate to login and get the token.

    Thanks. /Tommy

  • User Avatar
    0
    tteoh created

    <cite>alper: </cite> Hi,

    Show what you have done so far (request & response)

    I totally follow the token based authentication part and get the error. I'm wondering why.

    Thanks. /Tommy

  • User Avatar
    0
    ryancyq created
    Support Team

    Hi Tommy,

    Can you show the request header and body used in postman?

  • User Avatar
    0
    tteoh created

    <cite>ryancyq: </cite> Hi Tommy,

    Can you show the request header and body used in postman?

    Hi ryancyq,

    Yes, of course. [attachment=1:2y08710k]Capture.PNG[/attachment:2y08710k] [attachment=0:2y08710k]Capture.PNG[/attachment:2y08710k]

    Thanks. /Tommy

  • User Avatar
    0
    maliming created
    Support Team

    Make sure PostMan Interceptor is not enabled.

  • User Avatar
    0
    tteoh created

    <cite>maliming: </cite> Make sure PostMan Interceptor is not enabled.

    Hi maliming,

    Yup, it's not enabled.

    Thanks. /Tommy

  • User Avatar
    0
    maliming created
    Support Team

    hi tteoh

    Can you send us a project that can reproduce the problem? Email address: <a href="mailto:[email protected]">[email protected]</a>

  • User Avatar
    0
    tteoh created

    <cite>maliming: </cite> hi tteoh

    Can you send us a project that can reproduce the problem? Email address: <a href="mailto:[email protected]">[email protected]</a>

    Hi maliming, I have no idea why it's working now without the Error 400.

    Thanks. /Tommy